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NC  Intel®  Centrino®  2 
roT"  technology.  Greatly 
reduced  maintenance  visits  * 
That's  IT  as  it  should  be. 


New  Intel®  Centrino®  2  with  vPro™  technology  operates  at  the  hardware 
level  to  let  you  remotely  and  wirelessly  diagnose,  repair  and  reconnect  PCs  to 
the  network.  Even  when  the  user's  notebook  is  off  or  the  OS  is  inoperable** 


Centrino*  21 

vPro“ 


’Results  shown  are  from  the  2007  EDS  Case  Studies  with  Intel*  Centrino’  Pro  processor  technology,  3rd  party  audit  commissioned  by  Intel,  of  various  enterprise  IT  environments  and  may  not  be 
representative  of  the  results  that  can  be  expected  for  smaller  businesses.  The  studies  compare  test  environments  of  Intel*  Centrino’  Pro  processor  technology  equipped  PCs  vs  non-Intel'  Centrino’ 
Pro  processor  technology  environments.  Tested  PCs  were  in  multiple  OS  and  power  states  to  mirror  a  typical  working  environment.  Actual  results  may  vary.  Visit  intel.com/vpro  and  eds.com 
“Remote  manageability  requires  the  computer  system  to  have  an  Intel’  AMT-enabled  chipset,  network  hardware  and  software,  and  a  connection  with  a  power  source  and  corporate  network 
connection.  Setup  may  require  configuration  and  equipment  or  integration.  Intel  AMT  may  not  be  available  or  certain  capabilities  may  be  limited  depending  on  system  state.  Visit  intel.com/technology/ 
platform-technology/intel-amt  ©2008  Intel  Corporation.  Intel,  the  Intel  logo,  Centrino  logo,  Centrino,  and  vPro  are  trademarks  of  Intel  Corporation  in  the  United  States  and  other  countries. 


BREAKING  NEWS  AT  COMPUTERWORLD.COM 


■  NEWS  DIGEST 

4  IT  admins  are  still  being  urged  to 
apply  DNS  patches,  despite  some 

performance  issues.  |  The  GAO 

puts  a  spotlight  on  encryption 
shortcomings  at  federal  agencies. 

6  Financial  exchanges  are  moving 
toward  measuring  transactions 
in  microsecond  increments. 
Microsoft  shows  off  its  Sphere 

computer  prototype. 


8  NASA  and  the  Internet  Archive 

launch  a  Web  site  with  140,000 
images  from  the  NASA  vaults. 


■  NEWS  ANALYSIS 

10  IT  Must  Take  Care  in 
Switching  Storage  Vendors. 

Exploding  data  growth  and  security 
requirements  force  many  companies 
to  seek  out  new  storage  suppliers. 

12  Not  There  Yet:  The  iPhone 
Has  Some  Growing  to  Do.  The 

iPhone  3G  remains  less  functional  for 
corporate  uses  than  its  BlackBerry 
and  Windows  Mobile  rivals  are. 

■  OPINION 

2  Editor’s  Note:  Don  Tennant 
doesn’t  want  the  U.S.  government 
to  be  friends  with  the  Cuban  regime. 
But  that  isn’t  the  same  as  saying  Cuba 
should  be  thought  of  as  the  enemy. 

19  Michael  Gartenberg  finds 
the  software  for  Apple’s  new  iPhone 
more  significant  for  IT  than  the 
device  itself. 

30  Paul  Glen  says  you  can’t  force 
your  employees  to  be  accountable, 
but  you  can  invite  them  to  make  that 
choice  for  themselves. 

36  Frankly  Speaking:  Frank 

Hayes  says  encryption  is  hard.  He 
knows  it  is  because  he  has  read  the 
GAO’s  report  on  the  efforts  of  federal 
agencies. 


•i! 


i 

i 

! 

15 

I 

1 

I 

I 

l 

* 

i 

i 

I 

I 

I 

» 

f 

I 

I 

% 

I 

i 

* 

I 

1 

i 

i 

f 

I 

I 

I 

i 

I 

* 

I 

t 

i 

i 

i 


I 

5 

i 

? 

I 

I 

I 

i 

i 

i 

% 

I 

I 

? 

i 

I 

8 

* 

i 

I 

? 

* 

8 

t 

i 

i 

1 

i 

I 

« 

i 

i 

i 

i 

i 

i 


i 

I 

i 


COMPUTERWORLD  ■  AUGUST  4,  2008 


■  FEATURES 

20  Is  Google  Your 
Next  Data  Center? 

COVER  STORY:  Lower  costs,  snap  upgrades  and  other 
benefits  of  cloud  computing  are  leading  more  IT  organi¬ 
zations  to  pass  along  traditional  infrastructure  activities 
like  storage  and  server  management  to  managed  ser¬ 
vices  providers.  How  will  this  trend  shape  tomorrow’s  IT 
department? 

26  Green  From  the  Roots 

As  hardware  vendors  pay  more  attention  to  the  envi¬ 
ronment,  we’re  seeing  IT  products  that  require  fewer 
resources  (and  toxins)  to  manufacture  and  less  power  to 
run.  And  they’re  easier  to  refurbish  or  recycle. 


H  DEPARTMENTS 

14  On  the  Mark:  Mark  Hall  re¬ 
ports  on  the  push  for  CIOs  to  become 
carbon  information  managers. 


16  The  Grill:  Obsolescence  expert 

Peter  Sandborn  talks  about  an¬ 
ticipating  obsolescence,  dealing  with 
it  and  understanding  that  it’s  part  of 
Microsoft’s  business  plan. 


25  QuickStudy:  Cloud  Com¬ 
puting.  It  overlaps  with  grid  comput¬ 
ing,  utility  computing,  virtualization 
and  clustering  but  has  its  own  mean¬ 
ing:  the  ability  to  connect  to  software 
and  data  on  the  Internet  instead  of  on 
your  hard  drive  or  local  network. 

29  Security  Manager’s  Jour¬ 
nal:  A  Security  Roundup  in  20 
Minutes  Flat.  Mathias  Thurman 
has  a  chance  to  make  the  case  for 
better  security  every  quarter.  But  he 
needs  to  be  quick. 


32  Career  Watch:  What  are 
workplace  narcissists  costing  your 
company? 

34  Shark  Tank;  Computer  en¬ 
gineering  grad  students  come 
down  from  the  ivory  tower 
to  lay  out  a  data  center. 

Guess  what  happens. 


■  ALSO  IN  THIS  ISSUE 
Online  Chatter 


3 

34 


COVER:  PHOTOILLUSTRATION  BY 
STEPHEN  WEBSTER 


Company  index 


EDITOR’S  NOTE 


Don  Tennant 


Too  Many  Enemies 


MY  SUGGESTION  in  last  week’s  column  that 
U.S.  companies  should  be  allowed  to  compete 
in  Cuba  hit  a  raw  nerve  with  some  readers  who 
read  the  suggestion  as  some  sort  of  endorse¬ 
ment  of  the  Castro  regime. 


One  who  summed  up 
my  position  as  “left-wing 
baloney”  seemed  to  speak 
for  a  lot  of  readers  who 
commented  on  the  article. 

What  had  gotten  me 
thinking  about  Cuba  was 
an  interview  I’d  conducted 
with  Allison  Watson, 
Microsoft’s  corporate  vice 
president  in  charge  of  the 
worldwide  partner  group. 

I  noted  that  when  I  asked 
Watson  whether  she  was 
aware  of  any  Microsoft 
partners  that  have  done 
business  with  Cuba,  Iran 
or  North  Korea,  I  was  in¬ 
trigued  by  what  she  said 
about  Cuba. 

“Frankly,  from  a  Cuba 
perspective,”  she  said, 

“ Cuba’s  not  a  bad  word 
to  anyone  outside  of  the 
United  States.”  I  agreed, 
and  said  that  the  lack  of  en¬ 
gagement  is  hurting  no  one 
more  than  U.S.  companies. 

Watson’s  statement 
prompted  another  reader 
to  chime  in  that  “it  is 
palpably  untrue  that  the 
Cuban  government  is  not 
criticized  outside  of  the 
U.S.  The  list  would  in¬ 
clude,  but  not  [be]  limited 
to,  the  U.N.,  the  EU,  Mexi¬ 
co,  Spain  and  France.” 

Yet  as  all  too  often 


happens  in  this  sort  of 
discussion,  the  rebuttal 
mischaracterizes  the  origi¬ 
nal  statement.  The  reader 
claimed  that  Watson  said 
no  one  outside  of  the  U.S. 
criticizes  the  Cuban  gov¬ 
ernment,  but  that’s  not 
even  close  to  what  she 
actually  said.  Pointing 
out  that  Cuba  isn’t  a  “bad 
word”  outside  of  the  U.S. 
isn’t  to  say  that  it’s  not  crit¬ 
icized.  It  says  simply  that 
overseas,  Cuba’s  not  seen 
as  the  bad  place  the  U.S. 
government  characterizes 
it  to  be.  Outside  of  the  U.S., 
it’s  not  the  enemy. 

Is  it  a  mischaracteriza- 
tion,  in  turn,  to  suggest 
that  the  U.S.  considers 
Cuba  an  enemy?  Clearly, 
our  government  opposes 
those  in  authority  in  Cuba, 
and  with  good  reason.  But 
is  it  really  our  enemy? 

Unfortunately,  it  ap¬ 
pears  that  it  is.  On  July  15, 

H  Our  government 
opposes  those  in 
authority  in  Cuba, 
and  with  good 
reason.  But  is  the 
nation  reafiy  our 
enemy? 


the  U.S.  Attorney’s  Office 
for  the  District  of  Colo¬ 
rado  announced  that  it 
was  charging  Platte  River 
Associates,  a  Boulder  soft¬ 
ware  company,  with  “trad¬ 
ing  with  the  enemy.”  That 
“enemy”  is  Cuba. 

The  feds  allege  that  in 
2000,  Platte  River  “pro¬ 
vided  specialized  techni¬ 
cal  computer  software  and 
computer  training,  which 
was  then  used  to  create  a 
model  for  the  potential  ex¬ 
ploration  and  development 
of  oil  and  gas  within  the 
territorial  water  of  Cuba.” 
Said  U.S.  Attorney  Troy 
Eid:  “Knowingly  exporting 
sensitive  U.S.  technology 
to  Cuba  amounts  to  ‘trad¬ 
ing  with  the  enemy’  under 
federal  law  and  won’t  be 
tolerated.” 

Whether  or  not  you 
agree  with  the  trade  em¬ 
bargo,  the  fact  remains 
that  if  this  company  or  any 
company  violates  U.S.  law, 
it  should  be  punished.  The 
law  is  the  law.  My  concern 
is  that  there  appears  to  be 
a  prosecutorial  overzeal¬ 
ousness  when  it  comes  to 
trading  with  this  particu¬ 
lar  “enemy.” 

According  to  a  report  in 
the  Daily  Camera  online 


newspaper  in  Boulder, 
attorney  Lee  Foreman 
explained  that  Platte 
River  sold  the  software  to 
Repsol,  a  petroleum  com¬ 
pany  in  Spain.  A  Repsol 
employee  subsequently  \ 
went  to  Boulder  for  train¬ 
ing,  and  someone  from 
Platte  River  noticed  that 

! 

the  seismic  data  involved 
was  related  to  the  Carib¬ 
bean  and  Cuba,  the  Daily 
Camera  reported,  based  on  ! 
Foreman’s  explanation. 

Citing  the  Daily  Camera 
report,  Clif  Burns  made  an 
excellent  point  in  the  Ex- 
portLawBlog.  “Platte  River 
sold  software  to  a  Spanish 
company  that  then  fed  data  J 
into  the  program  relating  to  j 
areas  around  Cuba,”  Burns 
wrote.  “Is  Microsoft  going 
to  go  to  jail  for  selling  Excel  » 
to  a  Canadian  company 
that  then  uses  the  program  j 
to  analyze  its  sales  figures, 
including  sales  to  Cuba?” 

However  straightfor¬ 
ward  or  convoluted  this 
turns  out  to  be,  the  feds 
would  do  well  to  ponder 
a  comment  from  another 
Computerworld  reader. 

“Maintaining  and  mak¬ 
ing  friends  is  difficult,”  this  j 
reader  wrote.  “Seeing  and 
making  enemies  is  easy.” 

We  need  to  be  more 
willing  to  do  the  difficult. 

We  have  too  many  en¬ 
emies  as  it  is.  ■ 

Don  Tennant  is  editorial 
director  of  Computerworld  I 
and  InfoWorld.  Contact 
him  at  don_tennant@ 
computerworld.com,  and 
visit  his  blog  at  http:// 
blogs.computerworld.com/  ! 
tennant. 
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RESPONSES  TO: 

Corporate  IT  Can 
Learn  a  Lot  From 
Web  2.0  Coders 

July  11, 2008 


Heather  Havenstein’s  article  was 
intriguing.  Unfortunately,  I  felt  it 
missed  the  mark  in  a  few  places. 

1.  Break  the  barrier  between  develop¬ 
ers  and  end  users. 

Good  IT  shops  have  been  doing 
this  for  years.  One  of  my  professors 
back  in  1984  preached  the  mantra  of 
involving  users  upfront.  This  is  not 
Application  Development  2.0  —  this 
is  good  practice,  period. 

2.  Keep  it  simple. 

Again,  this  is  something  that 
good  development  shops  have  been 
preaching  for  years. 

3.  Stick  to  the  script. 

Often,  scripts  are  poorly  docu¬ 
mented.  If  a  developer  leaves,  oth¬ 
ers  have  difficulty  making  updates, 
modifications  or  enhancements. 

5.  Let  the  users,  not  the  developers, 
determine  new  features. 

I  worked  in  one  environment 
where  the  president  of  IT  deter¬ 
mined  the  features,  not  the  us¬ 
ers.  He  was  fired  after  about  nine 


months  of  that  nonsense. 

Application  Development  2.0  just 
sounds  like  good  practices  used  by 
good  IT  shops  for  the  last  20  years. 

■  Submitted  by:  Anonymous 

App  Dev  2.0?  Letting  qualified  us¬ 
ers  guide  software  development 
has  been  common  practice  for 
years.  Having  software  in  a  con¬ 
tinuous  improvement  cycle  isn’t 
new  either.  However,  revisiting 
lessons  learned  in  software  devel¬ 
opment  is  always  useful,  especially 
applying  those  lessons  to  new  soft¬ 
ware  tools. 

■  Submitted  by:  Anonymous 

Three  of  the  points  were  taught 
to  me  a  looooong  time  ago  at  school. 
1:  There  should  be  minimal  barriers 
between  developers  and  users. 

2:  Simplicity  makes  it  easier  to 
maintain.  5:  If  there  is  a  good  rela¬ 
tionship  between  developers  and 
users,  the  users  will  be  more  com¬ 
fortable  asking  for  new  features. 

■  Submitted  by:  Anonymous 

JOIN  THE  CHATTER!  You,  too,  can 
comment  directly  on  our  stories, 

at  computerworld.com. 


Find  these  stories  at  computerworid.com/more 


AquaConnecf 
Helps  Macs,  Others 
Share  Desktop  Apps 

This  Mac  terminal  server 
offers  a  surprisingly  simple 
setup  and  is  easy  to  use,  and 
it  manages  to  support  a  very 
broad  base  of  clients,  says 
Ryan  Faas.  But  AquaConnect 
is  a  newer  product,  so  planning  and  testing 
are  very  much  required. 

How  to  Configure  and  Deploy 
The  iPhone  3G  for  Business 

Before  the  iPhone  can  rival  the  BlackBerry 
in  the  workplace,  IT  admins  will  have  to 
figure  out  how  to  deploy  it  to  end  users. 

Part  1  of  a  three-part  series  focuses  on 
activation  and  configuration. 
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What  Are  You  Doing  for  Me, 
And  Why  Don’t  I  Know  It? 

Without  a  formal  communication  plan, 
you  could  find  your  IT  function  being 
outsourced  without  your  knowledge. 

One  former  CIO  outlines  what  this  plan 
should  include. 


Opinion:  Why  Expensive 
Cell  Phones  Are  Worth  It 


It’s  always  good  to  econo¬ 
mize.  But  saving  a  few 
bucks  on  a  cheaper  hand¬ 
set  is  almost  always  a  bad 
idea,  argues  Mike  Eigan; 
it  usually  makes  sense  to 
buy  the  phone  you  really 
want.  Here’s  how  to  justify 
its  cost. 
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to  quickly 
patch  their  DNS  servers,  de¬ 
spite  the  performance  prob¬ 
lems  disclosed  by  Microsoft 
Corp.  and  Internet  Systems 
Consortium  Inc.  (ISC).  Add¬ 
ing  even  more  fuel  to  the 
fire  is  the  fact  that  Dan  Ka¬ 
minsky,  the  researcher  who 
discovered  the  flaw,  plans  to 
detail  it  at  this  week’s  Black 
Hat  IJSA  2008  conference. 

In  a  mailing-list  message 
last  Monday,  Paul  Vixie, 
the  ISC’s  president,  said 
that  systems  administrators 
shouldn’t  roll  back  the  patch¬ 
es  for  the  group’s  Berkeley 
Internet  Name  Domain 
software,  even  if  their  serv¬ 
ers  are  running  more  slowly 
than  before.  “The  vulnerabil¬ 
ity  is  of  more  concern  than  a 


released  in  early 
July  to  protect 
against  a  critical 
flaw  in  the  Domain  Name 
System  protocol  have 
slowed  servers  running 
the  Internet’s  most  popular 
DNS  implementation  and 
crippled  some  Windows 
Server  systems. 

Meanwhile,  security  re¬ 
searcher  HD  Moore  —  who 
helped  craft  the  first  exploit 
code  to  be  publicly  released 
for  the  flaw  —  claimed  last 
week  that  hackers  were 
actively  taking  advantage 
of  the  cache-poisoning  vul¬ 
nerability  using  previously 
unknown  exploits. 

If  Moore  is  right,  that  puts 
even  more  pressure  on  com- 


THE  WEEK  AHEAD 

MONDAY:  LinuxWorld  opens  in  San  Francisco,  and  Sybase 
kicks  off  its  annual  user  conference  in  Las  Vegas. 

TUESDAY:  Cisco  plans  to  report  its  Q4  financial  results. 

WEDNESDAY:  The  “briefings”  portion  of  the  Black  Hat  USA 
2008  conference  starts  in  Las  Vegas,  with  presentations  by 
various  security  researchers  (see  related  story,  below). 

FRIDAY:  The  Defcon  hackers’  convention  follows  Black  Hat. 


SECURITY 

Encryption 
Not  a  Snap 
For  Feds 


slow  server,”  he  wrote. 

BIND  is  distributed  by 
vendors  such  as  Novell,  Red 
Hat  and  Sun  Microsystems, 
all  of  which  have  released 
the  updated  versions  of  the 
ISC’s  software  to  their  cus¬ 
tomers  and  urged  IT  manag¬ 
ers  to  install  the  upgrades. 

In  his  message,  Vixie  said 
that  when  ISC  developers 
were  building  the  initial 
patches,  they  became  aware 
of  a  problem  that  could  af¬ 
fect  the  performance  of  high- 
traffic  DNS  servers.  But  he 
added  that  because  of  the 
risks  posed  by  the  flaw,  “we 
chose  to  finish  the  patches 
ASAP”  and  accelerate  work 
on  updates  designed  to  fix 
the  problem. 

Separate  port-allocation 
issues  were  found  after  the 
patches  were  released,  Vixie 
said.  Those  are  also  sup¬ 
posed  to  be  addressed  in 
the  updated  patches,  which 
were  scheduled  to  become 
available  late  last  week. 

Microsoft  issued  a  mea 
culpa  about  its  DNS  update 
on  July  17,  saying  that  the 
patch  was  crippling  some 
machines  running  its  Win¬ 
dows  Small  Business  Server 
suite.  Then,  on  July  25,  it  said 
the  patch  could  also  affect 
some  network  services  on 
systems  running  Windows 
Server  2008,  Windows  Serv¬ 
er  2003  and  Windows  2000. 
In  both  instances,  Microsoft 
detailed  work-arounds. 

—  Gregg  Keizer 


Despite  a  string  of  data 
breaches,  only  about  30% 
of  the  laptops  and  mobile 
devices  used  at  24  federal 
agencies  had  encryption 
tools  as  of  last  September, 
according  to  a  report  issued 
last  week  by  the  Govern¬ 
ment  Accountability  Office. 

And,  the  GAO  said,  tests  at 
six  agencies  found  various 
implementation  shortcom¬ 
ings,  including  configuration 
errors,  a  lack  of  training  and 
insufficient  monitoring  of 


Mobile  encryp¬ 
tion  lags  behind 
federal  efforts  to 
encrypt  network- 
based  data,  the 
GAO  said. 


the  encryption  tools  in  use. 

The  White  House  Office 
of  Management  and  Budget 
recommended  in  2006  that 
agencies  encrypt  all  sensitive 
data  stored  on  mobile  sys¬ 
tems.  It  then  required  them 
to  do  so  in  May  of  last  year. 

But  the  0A0  said  some 
agencies  were  still  unsure  of 
the  mandate’s  “applicabil¬ 
ity.”  None,  it  added,  had  cre¬ 
ated  “comprehensive  plans” 
to  guide  their  rollouts. 

-  GRANT  GROSS, 
IDG  NEWS  SERVICE 
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How  Do  You  Get 
Premium  3-Phase 
Technology  at  a 
Lower  Cost? 


By  Choosing  Tripp  Lite,  You  Receive  Superior  Performance 
and  Advanced  Features — Typically  at  a  Savings  of  10%-25%! 


Tripp  Lite's  new  SmartOnline™  Modular  3-Phase  UPS  Systems  provide  the  highest  level  of  power  protection  for  your  enterprise 
(40-80  kVALThey  offer  double-conversion  on-line  operation  and  zero  transfer  time  to  battery  to  protect  your  mission-critical 
equipment  from  every  power  problem  on  the  AC  line. 

But  that’s  not  all.  Not  only  are  Tripp  Lite's  SmartOnline™  Modular  3-Phase  UPS  Systems  priced  lower  than  the  competition, 
they  also  lower  your  overall  costs: 
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Tripp  Lite  World  Headquarters  / 
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Save  money  on  battery  replacement.  The  industry's  widest  voltage  correction  range  ensures 
longer  battery  service  life  and  reduces  battery  replacement  costs. 

Reduce  electrical  bills.  Higher-efficiency  Economy  or  "Green”  mode  (at  96%  AC-AC  conversion) 
switches  to  on-line  operation  only  when  needed. 

Eliminate  network  downtime.  N+1  modular  architecture  allows  for  fail-safe  redundancy 
because  multiple  power  modules  can  be  hot-swapped  (with  the  load  powered)  if  maintenance 
or  replacement  is  required.  No  downtime  =  no  money  lost! 

Reduce  installation  costs.  Lower  (<3%)  total  harmonic  distortion  orTHDi  allows  your  current 
generators  to  run  cooler  and  last  longer,  which  means  you  don't  need  to  purchase  oversized- 
generators,  cables  and  breakers. 

Increase  capacity.  1  +  1  parallel  capability  allows  for  redundancy  by  connecting  two  3-phase 
UPS  Systems  to  a  single  equipment  load.  If  one  UPS  is  removed  or  taken  offline,  the  second 
UPS  supports  the  load  automatically! 

Tripp  Lite  SmartOnline  3-Phase  UPS  Systems  are  ideal  for  protecting  and  supporting  mission- 
critical  equipment  in  data  centers,  call  centers,  VoIP  telecom  applications, 
hospitals,  schools,  factories  and  more.  For  total  protection  for 
your  enterprise  and  your  budget,  choose  Tripp  Lite. 


To  find  the  right  3-Phase  UPS  System  for  your 
application,  go  to  tripplite.com/3phase 
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Stock  Exchanges  Start 
Thinking  in  Microseconds 


SERVERS  &  DATA  CENTERS 


IN  THE  machine-vs.- 
machine  world  of  finan¬ 
cial  trading,  where  IT 
is  constantly  trying  to 
increase  performance, 
transaction  times  are  now 
being  measured  in  incre¬ 
ments  of  microseconds. 

Over  the  past  year,  for 
example,  the  New  York 
Stock  Exchange  and  CME 
Group  Inc.,  which  operates 
the  Chicago  Mercantile 
Exchange  and  the  Chicago 
Board  of  Trade,  have  begun 
to  frame  their  thinking 
in  units  of  microseconds 
as  they  look  for  ways  to 
improve  their  transaction¬ 
processing  throughput. 

“It’s  all  at  the  microsec¬ 
ond  level  right  now,”  said 
Steve  Rubinow,  CIO  at 
NYSE  Euronext  Inc.,  which 
operates  the  NYSE  and  the 
Amsterdam-based  Euro¬ 
next  stock  exchange. 

Thanks  to  improvements 
in  hardware,  networking 
and  trading  algorithms,  the 
time  it  takes  exchanges  like 
the  NYSE  and  the  CME 
to  complete  transactions 
is  heading  into  the  single- 


microsecond 
level  right  now. 


STEVE  RUBINOW,  CIO. 
NYSE  EURONEXT  INC. 


digit-millisecond  range. 

At  such  extreme  speeds, 
microseconds  matter  —  a 
lot.  A  microsecond-level 
performance  improvement, 
multiplied  across  systems 
that  are  processing  mil¬ 
lions  of  transactions  per 
hour,  can  quickly  add  up  to 
a  competitive  advantage. 

“We  got  pulled  into  it,” 
John  Hart,  CME’s  manag¬ 


ing  director  of  technology 
engineering,  said  of  mea¬ 
suring  in  microseconds. 

And  as  the  performance- 
measurement  levels  get 
finer,  the  IT  staffs  at  the 
exchanges  are  trying  to 
eke  out  improved  response 
times  by  upgrading  inter¬ 
connects,  tweaking  oper¬ 
ating  systems  and  testing 
new  systems. 

For  instance,  CME  is 
already  piloting  the  first 
blade  server  version  of 
Hewlett-Packard  Co.’s 
NonStop  fault-tolerant 
systems  technology.  Hart 
said  the  blade,  which  HP 
announced  in  June,  offers 
twice  as  much  throughput 
as  earlier  NonStop  models. 

Rubinow  recently  met 
with  a  representative  from 
a  storage  maker  who  told 
him  a  new  system  could 
deliver  “submillisecond” 
response  times.  Rubinow 
asked,  “Do  you  mean  900 
microseconds  or  100  micro¬ 
seconds?  Because  that’s  a 
world  of  difference  to  us.” 

The  rep  said  he  wasn’t 
sure  and  hadn’t  been  asked 
that  question  before.  “Well, 
get  used  to  it,”  Rubinow 
responded,  “because  every¬ 
body  in  this  industry  is  go¬ 
ing  to  ask  that  question.” 

—  Patrick  Thibodeau 


Short 

lakes 

Sun  Microsystems  Inc., 

after  reporting  that  its 
profit  dropped  sharply  to 
$88  million  in  its  fourth 
quarter,  warned  that  U.S. 
economic  woes  will  mean 
lower  IT  budgets  and 
smaller  deals. 

IBM  has  agreed  to  buy 
Hog  SA  for  about  $335 
million  in  cash.  IBM  said 
that  it  plans  to  combine 
llog’s  business  rules  man¬ 
agement  software  with  its 
BPM  and  business  optimi¬ 
zation  tools. 

has  agreed 
to  acquire  Reconnex  Inc. 

for  $46  million  in  cash. 
McAfee  plans  to  roll  the 
Reconnex  products  into 
its  data-protection  prod¬ 
ucts.  The  deal  is  expected 
to  close  next  month. 


CORRECTION 

The  consulting  firm  that 
issued  a  report  titled  “The 
State  of  Enterprise  IT  Bud¬ 
gets:  2008”  was  incor¬ 
rectly  identified  in  a  story 
in  the  July  21  issue  ("Six 
Stupid  IT  Budget  Tricks”). 
The  report  came  from 
Forrester  Research  Inc. 
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HARDWARE 


Microsoft  Offers  Glimpse  of 
Its  New  Sphere  Computer 


MICROSOFT  C0RP.  showed  off 
its  new  Sphere  computer  last 
week. 

The  machine,  which  was  fea¬ 
tured  at  the  vendor’s  Research 
Faculty  Summit  in  Redmond, 
Wash.,  is  still  a  research  proto¬ 
type.  It  uses  a  touch-screen 
orb  instead  of  a  traditional  flat- 
screen  monitor. 

The  system  combines  touch 


capabilities  with  a  projector 
and  an  infrared  camera,  noted 
Hrvoje  Benko,  a  Microsoft  Re¬ 
search  human-computer  inter¬ 
action  specialist,  in  a  blog  post. 

Microsoft  engineers  have  so 
far  developed  a  picture  and 
video  browser,  as  well  as  three 
applications  for  the  system. 

“It’s  important  in  that  someone 
is  spending  time  and  money  to 


Microsoft  researcher  Hrvoje 
Benko  with  a  prototype  of  the 
new  Sphere  computer. 

look  at  different  ways  to  design 
and  use  computers,”  said  Dan 
Olds,  an  analyst  at  Gabriel  Con¬ 
sulting  Group  Inc.  “You  never 
know  where  [it]  might  lead.” 


Microsoft  also  showed 
attendees  a  deployment 
of  2,000  internally  built 
temperature  and  humidity 
sensors  that  it’s  using  to 
control  energy  consump¬ 
tion  at  its  facilities. 

Jie  Liu,  a  Microsoft  research¬ 
er,  would  not  say  whether  Micro¬ 
soft  plans  to  commercialize  the 
technology,  though  he  noted 
that  “there  is  lots  of  interest.” 

-  SHARON  GAUDIN, 
WITH  NANCY  G0HRING  OF 
THE  IDG  NEWS  SERVICE 
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Your  potential.  Our  passion. 

Microsoft 


Dell.com  is  one  of  the  world's  largest  and  most  advanced  e-commerce 
sites.  As  a  technology  leader,  Dell  relies  on  Windows  Server- 2008 
for  the  flexibility  and  reliability  needed  to  support  a  mission-critical 
environment  where  downtime  is  not  an  option.  Get  the  full  story  at 

serverunleashed.com 
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BETWEEN  THE  LINES 


By  John  Klossner 


m  NEWS  DIGEST 


INTERNET 

NASA  Archive  Project 
Puts  Historic  Images  Online 


NASA  late  last  month 
launched  an  interac¬ 
tive  Web  site  that 
initially  combines  21  of  the 
space  agency’s  separately 
stored  and  managed  imag¬ 
ery  collections  into  a  single 
online  resource. 


< 
c n 
< 
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alliances  at  NASA. 

“There’s  a  lot  more  to 
come,”  she  said,  noting 
that  ultimately,  millions  of 
NASA’s  images  will  be  made 
available  online  to  the  pub¬ 
lic  and  to  researchers. 

In  about  a  year,  the  part¬ 
nership  will  start  working 
on  the  enormous  task  of 
digitizing  still  images,  films, 
film  negatives  and  audio 
content,  some  of  which 
dates  back  to  1915,  according 
to  Rivera. 

The  Internet  Archive 
will  manage  and  host  the 
interactive  image  gallery 
on  its  cluster  of  2,000  Linux 
servers  at  its  San  Francisco 
headquarters,  said  John 
Hornstein,  director  of  the 
NASA  images  project  for 
the  archive  service. 

—  Brian  Fonseca 


Electronic  Data  Systems 

Corp.’s  stockholders 
approved  the  proposed 
$13.9  billion  sale  of  EDS  to 

Hewlett-Packard  Co. 

In  its  first  out-of-cycle 
security  alert  since  adopt¬ 
ing  a  quarterly  patching 
schedule  three  years  ago, 
warned  of  an 


I 


unpatched  vulnerability  in 
its  WebLogic  software  and 
detailed  a  work-around. 

10  YEARS  AGO:  The  U.S. 
Securities  and  Exchange 
Commission  set  strict 
guidelines  on  what  public 
companies  had  to  disclose 
about  the  Year  2000  com¬ 
puter  issues  they  faced. 


The  original  seven  Mercury 
astronauts,  who  were  selected 
by  NASA  on  April  9, 1959. 

The  first  implementa¬ 
tion  of  the  online  archive, 
jointly  developed  with  the 
nonprofit  Internet  Archive, 
includes  more  than  140,000 
digitized  high-resolution 
photos,  audio  and  film  clips 
of  Apollo  lunar  missions, 
videos  showing  the  evolu¬ 
tion  of  spacecraft  and  their 
internal  designs,  and  more. 

More  images  will  be 
added  to  future  versions  of 
the  archive,  which  is  being 
created  as  part  of  NASA’s 
five-year  agreement  with 
the  Internet  Archive. 

The  2007  agreement  also 
calls  for  the  site  to  eventu¬ 
ally  be  enhanced  with  Web 
2.0  tools  such  as  wikis  and 
blogs,  according  to  Debbie 
Rivera,  manager  of  strategic 


Global , 
Dispatches 

Alcatel-Lucent 
Execs  Jump  Ship 

PARIS  -  Alcatel-Lucent  CEO 
Patricia  Russo  and  Chairman 
Serge  Tchuruk  announced 
plans  to  resign  their  posts  by 
year’s  end. 

The  announcement  came  at 
the  same  time  the  Paris-based 
telecommunications  firm  re¬ 
ported  a  second-quarter  loss 
of  €1.1  billion  ($1.7  billion  U.S.), 
almost  double  its  €586  million 
($912  million  U.S.)  loss  in  the 
same  quarter  a  year  earlier. 

The  company  contended 
that  the  poor  results  did  not 
prompt  the  departures.  Rather, 
it  said,  with  the  2007  merger 
of  Lucent  Technologies  Inc. 
and  Alcatel  SA  now  complete, 
the  company  needs  a  smaller 


McKinnon  maintains  that 
the  hacking  caused  no  harm. 
Jeremy  Kirk, 

IDG  News  Service 

BRIERY  NOTED 
Frank  Huang,  chairman  of 
Hsinchu,  Taiwan-based 
memory  chip  maker  Powerchip 
Semiconductor  Corp.,  was 
charged  last  week  with  con¬ 
ducting  insider  stock  trading 
prior  to  his  company’s  unsuc¬ 
cessful  2006  bid  to  buy  Mac- 
ronix  International  Co.,  which 
is  also  in  Hsinchu.  Huang  faces 
four  and  a  half  years  in  prison 
and  a  fine  of  $60  million  New 
Taiwan  ($1.95  million  U.S.). 
Dan  Nystedt, 

IDG  News  Service 


board  and  new  management. 
Peter  Sayer, 

IDG  News  Service 


British  Hacker 
Faces  Extradition 

LONDON -The  highest  U.K. 
court  last  week  dismissed 
a  British  hacker’s  appeal  of 
an  extradition  order  to  face 
charges  of  breaking  into  U.S. 
military  computers  to  uncover 
evidence  of  UFOs. 

Gary  McKinnon,  42,  of  Lon¬ 
don,  would  be  the  first  person 
to  be  extradited  to  the  U.S.  for 
computer-related  crimes,  if  a 
final  appeal  to  the  European 
Court  of  Human  Rights  fails.  He 
faces  up  to  60  years  in  prison. 

McKinnon  has  admitted  that 
he  used  a  program  called 
RemotelyAnywhere  to  hack 
into  PCs  in  the  U.S. 

U.S.  officials  say  the  intru¬ 
sions  disrupted  military  com¬ 
puter  networks. 
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Their  computer. 
Your  brain. 


GoToAssist  Express  lets  you  view  and  control  your 
customer’s  computer  online,  so  you  can  use  your 
expertise  to  fix  the  problem  yourself.  Resolve  the  issue, 
keep  your  customer  satisfied  and  move  on  to  the  next 
task.  Support  smarter  with  GoToAssist  Express. 

Try  it  free  for  30  days  at  gotoassist.com/computer. 
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■  NEWS  ANALYSIS 


Data  Explosion  Forcing  IT 
To  Seek  New  Backup  Tools 


Managers  must  carefully 
consider  the  consequences 
of  quickly  switching  vendors 
to  get  the  right  technology. 

By  Brian  Fonseca 


The  need  to  control 
and  secure  a  con¬ 
tinuing  explosion 
of  data  across  the 
corporate  world  is  forcing 
IT  managers  to  constantly 
be  on  the  lookout  for  new 
equipment  that  can  handle 
perpetually  evolving  re¬ 
quirements. 

According  to  analysts  at 
Gartner  Inc.,  there  appears 
to  have  been  a  significant 
increase  in  corporate  users 
looking  to  replace  their  back¬ 
up  systems  in  recent  months. 


“I  would  say  that  in  the 
last  year  and  year  and  a  half, 
we’ve  seen  a  big  jump,”  said 
Alan  Dayley,  an  analyst  at 
the  research  firm. 

In  a  Gartner  survey  of 
70  IT  managers  last  month, 
66%  of  the  respondents  said 
that  they’re  planning  major 
redesigns  of  backup  and 
recovery  systems  within 
12  months,  according  to 
Dayley. 

Meanwhile,  in  a  survey 
of  395  IT  managers  by  En¬ 
terprise  Strategy  Group 


Inc.  (ESG),  more  than  half 
of  the  respondents  said  that 
they  have  changed  primary 
backup  suppliers  over  the 
past  three  years. 

Lauren  Whitehouse,  an 
analyst  at  the  Milford,  Mass.- 
based  analyst  firm,  noted  that 
more  and  more  IT  managers 
are  painfully  realizing  that 
their  outdated  or  poorly- 
performing  backup  tools 
can’t  handle  shrinking  back¬ 
up  windows  and  the  complex 
management  needs  of  their 
ever-growing  data  stores. 

Many  companies  are 
looking  to  quickly  install 
products  that  offer  relatively 
new  features  such  as  data 
de-duplication  and  the  abil¬ 
ity  to  perform  incremental 
and  continuous  snapshots  of 
virtual  disks. 

At  the  same  time,  some 
companies  are  in  a  rush  to 


include  updates  of  storage 
systems  in  major  IT  projects 
like  data  center  consolida¬ 
tions,  application  and  in¬ 
frastructure  upgrades,  and 
server  virtualization  efforts. 

“I  liken  it  to  building  an 
addition  to  your  house; 
you’re  not  going  to  take  an 
old  light  fixture  and  put 
it  in  a  new  room,”  noted 
Whitehouse.  “There  are 
special  conditions  with  an 
overhauled  [IT]  environ¬ 
ment,  and  you  have  to  look 
for  a  backup  solution  that  is 
tuned  for  it.” 

Prior  to  moving  to  a  new 
backup  software  vendor,  IT 
managers  must  make  sure 
that  processes  are  in  place 
to  protect  data  before,  dur¬ 
ing  and  after  a  migration. 
They  must  also  analyze  how 
switching  storage  vendors 
would  affect  corporate  op¬ 
erations  such  as  real-time 
business  transactions, 
service-level  agreements 
and  compliance  efforts. 

And  once  a  new  backup 
system  is  installed,  IT  man¬ 
agers  should  evaluate  it  at 
least  once  a  year  to  be  sure 
that  it  is  keeping  up  with 
data  growth  and  security 
needs. 

Dave  McEldowney,  divi¬ 
sion  vice  president  of  IT  at 
Bar-S  Foods  Co.,  said  the 
meat  processor  and  dis¬ 
tributor  evaluated  the  secu¬ 
rity  risks  before  deciding  to 
replace  its  Galaxy  backup 
software  from  CommVault 
Systems  Inc.  last  year. 

He  said  the  company  de¬ 
termined  that  the  benefits 
of  changing  vendors  out¬ 
weighed  the  risks  because  of 
problems  with  the  product 
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—  which  Bar-S  had  used 
since  2000  —  and  with  its 
vendor. 

Phoenix-based  Bar-S 
turned  to  Symantec  Corp.’s 
Backup  Exec  lid  software 
after  Galaxy  failed  an  aver¬ 
age  of  six  times  per  year  and 
because  nearly  half  of  the 
data  backed  up  could  not  be 
restored. 

The  frequency  of  inef¬ 
fective  backups  led  Bar-S 
employees  to  copy  sensitive 
business  data  to  nonsecured 
thumb  drives  and  external 
storage  drives,  creating 
significant  security  issues, 
McEldowney  said. 

Even  though  Bar-S  was 
paying  yearly  maintenance 
fees,  he  said,  the  CommVault 
support  staff  didn’t  return 
phone  calls  for  help  or  assist 
with  installing  updates  of  the 
Galaxy  software. 

Further,  he  said  Galaxy 


lacked  a  strong  centralized- 
management  tool  and  had 
trouble  enabling  remote 
tape  backups  if  the  main 
data  center  went  offline. 

“It  was  a  wonderful  rela¬ 
tionship  until  we  paid  the 
bill  and  bought  the  soft¬ 
ware,”  said  McEldowney. 

Bar-S  runs  two  storage- 
area  networks  (SAN)  with 
4TB  apiece  in  a  virtualized 
Windows  Server  and  Red 
Hat  Linux  environment. 

McEldowney  said  he 
still  keeps  a  small  instance 
of  Galaxy  running  just  to 


ensure  that  off-site  backup 
tapes  that  weren’t  switched 
over  during  the  transfer 
process  can  still  be  read. 

Dave  West,  vice  president 
of  worldwide  marketing 
and  business  development 
at  Oceanport,  N.J.-based 
CommVault,  said  that  sev¬ 
eral  large  companies  use 
Galaxy  “in  just  the  way” 
Bar-S  did,  and  they  haven’t 
had  any  difficulties.  He 
called  the  Bar-S  criticism  a 
“rare  exception  rather  than 
the  norm.” 

Ohio  State  University’s 
communications  office  said 
it  had  a  similar  experience 
with  EMC  Corp.’s  Retrospect 
backup  software  because  of 
what  school  officials  called 
stagnant  updates  and  crude 
performance. 

Wayne  Tolliver,  a  depart¬ 
mental  systems  manager, 
said  the  communications 


ises  that  EMC  made  to 
support  updated  Apple  Inc. 
products  went  unfulfilled, 
and  that  IT  personnel  were 
forced  to  work  around  Apple 
upgrades,  such  as  Mac  OS  X 
vl0.4  (code-named  Tiger), 
which  was  released  in  2005. 

An  EMC  official  con¬ 
firmed  that  the  last  major 
update  to  Retrospect  for 
Mac  was  in  late  2005  but 
noted  that  the  company 
last  month  released  its  first 
Retrospect  Mac  client  that 
runs  natively  on  Intel-based 
Apple  processors. 

“What  drove  us  from 
Retrospect  was  lack  of  in¬ 
novation,”  said  Tolliver. 

“Our  environment  kept 
experiencing  growth,  and 
users  wanted  more  features 
for  backup.  We  just  couldn’t 
provide  it.  Keeping  the 
lights  on  with  Retrospect 
was  becoming  impossible.” 


based  Xserve  machines,  two 
Xserve  storage  RAID  units 
with  14  drives  each,  and  a 
Spectra  Logic  T50  tape 
library. 

Meanwhile,  Atlanta-based 
Newell  Rubbermaid  Inc.  is 
continuing  to  use  the  Comm¬ 
Vault  galaxy  software  it 
installed  in  2003  because  of 
its  ability  to  keep  up  with 
the  rapid  data  growth  at  the 
maker  of  housewares,  home 
furnishings  and  office  prod¬ 
ucts,  said  Matt  Frehner,  IT 
infrastructure  manager  at 
Rubbermaid. 

Frehner  said  the  company 
replaced  CA  Inc.’s  ArcServe 
product  in  2003  because 
Galaxy  promised  to  better 
keep  up  with  Newell’s  data 
growth  and  could  better 
support  the  company’s  move 
from  a  Novell  network  to  a 
Microsoft  network. 

“I  wanted  [a  product]  to 
grow  with  because  I  knew  at 
some  point  in  time  we  could 
go  from  gigabytes  to  tera¬ 
bytes,”  noted  Frehner.  The 
amount  of  data  the  company 
stores  has  mushroomed 
from  500GB  to  24TB  since 
2003,  and  CommVault’s 
tools  have  kept  pace. 

Last  month,  Frehner 
upgraded  from  Galaxy  to 
CommVault’s  next-generation 
Simpana  data  management 
suite,  which  adds  integrated 
search  and  discovery  fea¬ 
tures.  The  disk-  and  tape- 
based  tool  backs  up  13TB 
of  data  each  night  from  the 
company’s  SAN,  network- 
attached  storage  and  tape 
library  machines. 

In  an  ESG  survey  earlier 
this  year,  121  IT  managers 
listed  a  variety  of  events  that 
could  force  them  to  change 
backup  vendors  quickly. 
They  included  new  restric¬ 
tions  on  corporate  data 
access,  changes  in  security 
regulations,  poor  product 
performance  and  poor  cus¬ 
tomer  support.  ■ 


What  drove  us  from 
Retrospect  was  lack  of 
innovation.  Our  environ¬ 
ment  kept  [growing],  and  users 
wanted  more  features  for  backup. 
We  just  couldn’t  provide  it. 

WAYNE  TOLLIVER,  DEPARTMENTAL  SYSTEMS  MANAGER, 

OHIO  STATE  UNIVERSITY 


office  abandoned  the  EMC 
product  for  Atempo  Inc.’s 
Time  Navigator  4.2  backup 
tool  in  mid-2007. 

The  office,  which  handles 
Web  content,  print  and  live 
video  production  for  the 
university,  installed  Retro¬ 
spect  in  2004  after  it  adopt¬ 
ed  an  Apple-based  storage 
and  server  infrastructure. 

Tolliver  said  that  Retro¬ 
spect  development  “lan¬ 
guished”  after  EMC  acquired 
its  maker,  Dantz  Develop¬ 
ment  Corp.,  later  in  2004. 

He  contended  that  prom- 


Tolliver  said  EMC’s  back¬ 
up  software  could  not  easily 
support  large  files  created 
by  the  Ohio  State  multi- 
media  operation,  forcing 
IT  staffers  to  partition 
chunks  of  data  to  satisfy 
backup  requirements. 

EMC  now  says  it  plans 
to  deliver  a  version  of  Ret¬ 
rospect  for  the  Macintosh 
featuring  a  new  native  Intel 
engine  by  early  2009. 

The  communications 
office  runs  four  Apple 
PowerPC-based  Xserve 
servers,  two  Intel  Xeon- 
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HE  iPHONE  3G 
may  have  a  lock 
on  this  year’s 
Sexiest  Gadget 
title.  But  in  the 


pragmatic  world  of  corpo¬ 
rate  IT,  the  flashy  new  hand¬ 
held  is  no  pinup. 

That  was  the  case  when 
Apple  Inc.  introduced  the 
iPhone  3G  two  months  ago. 
And  it’s  even  more  so  now 
that  IT  managers,  indepen¬ 
dent  software  vendors  and 
analysts  can  actually  get 
their  hands  on  the  device. 

Apple  has  made  improve¬ 
ments  over  the  original 
iPhone,  primarily  through 
its  licensing  of  Microsoft 
Corp.’s  ActiveSync  technol¬ 
ogy.  But  from  a  corporate  IT 
standpoint,  the  3G  hardware 
and  its  companion  iPhone 
2.0  software  remain  less 
functional  and  mature  than 
their  BlackBerry  and  Win¬ 
dows  Mobile  counterparts. 

“It’s  a  great  product,  but 
it  has  a  ways  to  go,”  said  a 
senior  IT  official  at  a  large 
U.S.  company.  The  manager, 
who  asked  not  to  be  identi¬ 
fied,  evaluated  the  iPhone 
3G  but  decided  not  to  deploy 
it,  citing  configuration  and 
security  weaknesses  as  well 
as  shortcomings  in  tech  sup¬ 
port  and  even  usability. 

For  example,  basics  such 
as  the  ability  to  quickly 
search  e-mail  and  edit  cal¬ 
endar  entries  are  missing, 
the  manager  said,  adding 
that  IT  concerns  include  the 
lack  of  native  encryption 
capabilities  and  support  for 
saving  instant  messages. 

Manageability  and  secu¬ 
rity  are  two  big  areas  where 
the  iPhone  still  lags  behind 
its  more  established  rivals. 

Research  In  Motion  Ltd.’s 
BlackBerry  Enterprise  Serv¬ 
er  software  supports  cen¬ 
tralized  management  and 
both  AES  and  Triple  DES 
encryption,  and  it  provides 
more  than  200  predefined 


Not  There  Yet: 
The  iPhone 
Has  Some 
Growing  to  Do 


Apple’s  new  3G  model  still 
lags  behind  BlackBerry 
and  Windows  Mobile  devices 
for  corporate  IT  apps. 

By  Eric  Lai  and  Matt  Hamblen 


policies  for  enforcing  secu¬ 
rity  and  other  IT  settings. 

Microsoft  is  trying  to 
catch  up  to  RIM  with  its 
System  Center  Mobile  De¬ 
vice  Manager  tool,  which 
includes  125  built-in  policies 
for  Windows  Mobile  6.1 
phones.  A  second-tier  of¬ 
fering  gives  IT  managers  45 
preset  policies  as  part  of  the 
ActiveSync  implementation 
in  Exchange  Server  2007 
Service  Pack  1. 


IPhone  2.0  also  uses 
Exchange  ActiveSync,  but 
many  of  the  features  sup¬ 
ported  by  Microsoft  aren’t 
there,  including  the  ability  to 
natively  encrypt  data  and  to 
block  users  from  download¬ 
ing  third-party  software. 

Vivek  Kundra,  the  District 
of  Columbia’s  chief  technol¬ 
ogy  officer,  has  bought  10  of 
the  new  iPhones  for  testing. 
The  3G  could  provide  “the 
dream  convergence  we’ve 


waited  for”  in  a  handheld, 
he  said. 

But  without  native  en¬ 
cryption,  the  device  won’t 
be  used  in  public-safety  or 
other  critical  applications, 
Kundra  noted.  And  to  avoid 
problems  with  the  process 
of  loading  applications  onto 
iPhones,  he  plans  to  store 
a  variety  of  data  on  an  in¬ 
tranet  so  users  can  access  it 
via  the  device’s  browser. 

App  deployment  is  an  is¬ 
sue  because  of  the  need  to 
use  iTunes  and  Apple’s  new 
App  Store  to  add  software 
to  iPhones.  IT  managers  can 
create  lists  of  users  who  are 
allowed  to  download  spe¬ 
cific  applications  from  the 
App  Store,  but  that  approach 
doesn’t  scale  past  100  users. 

Apple  also  plans  to  let 
companies  set  up  mini  App 
Stores  on  their  own  serv¬ 
ers.  But  it  hasn’t  said  when, 
and  that  method  would  still 
require  iTunes  and  rely  on 
users  to  synchronize  their 
iPhones  with  their  PCs. 

And  although  500  third- 
party  applications  are  now 
available  for  the  iPhone, 
that  is  still  far  less  than  the 
18,000  and  4,000  apps  that 
can  be  had  for  Windows  Mo¬ 
bile  and  BlackBerry  devices, 
respectively,  at  Web  store¬ 
fronts  like  FIandango.com. 

Lifetime  Products  Inc., 
which  makes  tables,  chairs, 
sheds  and  other  products, 
has  390  employees  using 
Windows  Mobile  smart 
phones.  The  pressure  to 
support  iPhones  is  “al¬ 
ways  there,”  said  CIO  John 
Bowden.  But  Lifetime  runs 
a  Microsoft-based  workflow 
application  on  its  existing 
phones  and  is  deploying  the 
vendor’s  Dynamics  CRM 
software  for  its  sales  staff. 

Once  end  users  under¬ 
stand  the  benefits  they  can 
get  from  such  apps,  Bowden 
said,  “the  allure  of  the 
iPhone  fades  very  quickly.”  ■ 
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For  you,  it’s  a  problem  you  didn’t  see 


For  your  business,  it’s  a  customer 
you  won’t  see  coming  back. 


You  can’t  anticipate  every  problem.  But  Emerson  Network  Power  and  its 
Liebert  power  and  cooling  technologies  can  help  you  create  an  IT  infrastructure 
that  is  ready  for  anything— unplanned  outages,  unpredictable  growth  or 
unexpected  technologies. 

One  example  is  the  Liebert  NX,  a  software-scalable  UPS  that  can  double  in 
capacity  without  adding  or  modifying  hardware.  Download  our  white  paper. 
Powering  Change  in  the  Data  Center,  and  discover  what  Liebert  technologies 
can  do  for  your  operating  flexibility,  at  flexibility.liebert.com. 


Liebert  flexibility 

just  another  reason  why  Emerson  Network  Power  is  the  global  leader 
in  enabling  Business-Critical  Continuity 


EMEF 

Networl 


Emersor),  Business-Critical  Continuity  and  Liebert  are  trademarks  of  Emerson  Electric  Co.  or  one  of  its  affiliated  companies.  @2008  Emerson  Electric  Co. 


I 

I 


HOT  TRENDS  ■  NEW  PRODUCT  NEWS  ■  INDUSTRY  BUZZ  BY  MARK  HALL 


CIOs  Morph  Into  CIMs 

%  IOs  ARE  perfectly  positioned  to  become  the  carbon 
information  managers  as  well  as  the  IT  leaders  for  their 
organizations.  ■  Just  what  your  department  needs:  more 
work.  ■  Carbon  information  managers  will  play  “an 
emerging  role”  in  the  modern  enterprise,  according  to  a 
report  released  last  month  by  the  U.K.’s  Carbon  Disclosure  Project 
and  IBM.  CIMs  will  lead  the  push  to  define  how  businesses  measure 

goals,  some  of  them  calling  for  as 
much  as  a  50%  reduction  by  2020. 

Leading  a  companywide  effort 
to  cut  greenhouse  gas  production 
is  fraught  with  challenges,  Hodges 
acknowledges.  Risk-averse  CIOs  will 
be  leery  of  the  task. 

But  who  else  in  the  organization, 
he  asks,  has  insight  into  as  many 
departments  and  groups  as  the  head 
of  IT?  Hodges  also  contends  that  the 
tools  needed  to  measure  and  reduce 
greenhouse  gases  will  likely  be  IT- 
based,  making  CIOs  ideally  suited  to 
shoulder  the  duty  of  carbon  informa¬ 
tion  management. 

You  should  start  with  practical 
measures  in  IT  itself,  Hodges  ad¬ 
vises.  First  and  foremost,  remove 
useless  or  underused  gear.  And,  yes, 
turn  out  lights  in  rooms  without 
people.  Go  to  double-sided  printing. 
Eliminate  personal  printers  from 
offices  and  cubicles. 

Hodges  says  all  these  initiatives 
sound  simple,  but  they  involve  cor- 


their  carbon  footprints  and  oversee 
the  projects  that  are  needed  to  re¬ 
duce  those  footprints. 

And  have  no  doubt  that  it  will  be 
your  company’s  goal  to  reduce  its 
production  of  greenhouse  gases,  the 
report  says.  Not  just  to  curb  the  rate 
of  growth  of  production,  but  to  make 
true  cuts. 

“This  is  a  ma¬ 
jor,  long-term  is¬ 
sue,”  says  Richard 
Hodges,  CEO  of 
GreenIT  Inc.,  an 
IT  consultancy  in 
Sonoma,  Calif.  “It’s 
not  a  fad.” 

Hodges  says 
every  interna¬ 
tional  agreement 
he  knows  of  has 
set  greenhouse  gas 
targets  that  are  lower  than  today’s 
production  levels.  In  the  CDP/IBM 
report,  some  of  the  companies  pro¬ 
filed  lay  out  specific  carbon-emission 


W'k 

CIOs  should  lead 
efforts  to  reduce 
an  organization’s 
carbon  footprint, 
Hodges  argues 


porate  cultural  issues  that  can  ham¬ 
per  success. 

Rolling  out  a  new  ERP  system 
might  be  a  walk  in  the  park  com¬ 
pared  with  removing  a  seldom-used 
printer  from  a  VP’s  office. 

PhishMe  Targets 
Gullible  Users 

Intrepidus  Group  Inc.  in  Chantilly, 
Va.,  unveiled  its  PhishMe  service  late 
last  month.  In  effect,  it’s  a  tool  that 
lets  IT  departments  phish  their  own 
end  users. 

CEO  Rohyt  Belani  says  the  new 
software-as-a-service  offering  allows 
you  to  set  up  mock  phishing  attacks 
in  order  to  measure  how  aware 
employees  are  of  phishing  and  then 
educate  them  on  how  to  avoid  get¬ 
ting  hooked  by  phishers. 

Aaron  Higbee,  chief  technology 
officer  at  Intrepidus,  says  identity 
thieves  have  moved  beyond  target¬ 
ing  PayPal  and  eBay  users  and  are 
now  training  their  sights  on  corpo¬ 
rate  workers  with  what  are  called 
spearphishing  attacks.  In  these  at¬ 
tacks,  official-looking  e-mails  ask  re¬ 
cipients  to  do  things  such  as  update 
their  401(k)  information,  with  the 
intent  of  stealing  the  data,  and  pos¬ 
sibly  the  funds. 

Worse,  from  an  IT  security  per¬ 
spective,  are  spearphishing  mes¬ 
sages  that 

2.000 


Number  of  targeted 
spearphishing  attacks 
in  May,  according 
to  VeriSign. 


appear  to 
originate  from 
the  IT  depart¬ 
ment  and  ask 
end  users  to 
test  their  pass¬ 
words  by  clicking  on  a  link. 

Belani  says  you  can  run  the  tests 
on  your  users  multiple  times  and 
measure  their  (presumed)  improve¬ 
ment.  A  comic-strip  format  is  used  to 
show  those  who  take  the  phish  bait 
how  to  recognize  a  phishing  expedi¬ 
tion. 

Be  sure  to  include  your  top-level 
managers  in  any  tests  you  conduct, 
suggests  Higbee.  In  what  are  called 
“whaling  attacks,”  crimi¬ 
nals  specifically  target 
C-level  execs,  since  they 
(allegedly)  know  so  much 
about  the  business. 

PhishMe  pricing  starts 
at  $4,800.  ■ 


COMPUTERWORLD.COM 


C  MORE  BUZZ 

Discover  and  discuss 
more  industry  action  at 
the  On  the  Mark  blog: 

blogs.computerworld. 

com/hall 
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an  SAP  company 


RUSHED? 

Work  Less.  Deliver  More 


Give  business  users  the  ability 
to  view  and  update  reports  from 
anywhere.  As  well  as  to  interact 
with  them  intuitively.  You’ll  not  only 
have  happier  end  users,  but  you’ll 
be  happier  too.  Fewer  reports  to 
create.  And  the  ability  to  schedule 
secure  reports  for  automatic  delivery 
day  or  night.  We’re  talking  about 
Crystal  Reports5  Server  2008— 
the  reporting  solution  that  takes 
the  rush  out  of  IT. 


y/  Rush  me  your  30-Day,  FREE  Trial 
of  Crystal  Reports  Server  2008.  Call 
us  today!  1.888.229.2276  Or,  visit 
www.businessobjects.com/workless 


CRYSTAL  REPORTS 

SERVER 


Vfcje: is  and -he  Business  Objects  logo  and  r 


l&opyrfght  *?>  2008  Bigness  ( 
■registered' trademarks' of 
SAP  AG  in  Germany  and  in  (| 


a  THE  GRILL 

Peter  Sandbom 

An  obsolescence  expert  talks  about 
anticipating  obsolescence,  dealing 
with  it  and  understanding  that  it  is 
part  of  Microsoft’s  business  plan. 
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Name:  Peter  Sandborn 

Title:  Associate  professor  of 
mechanical  engineering 

Organization:  University 
of  Maryland 

Location:  College  Park,  Md. 

Favorite  technology:  “I  have 
a  46-in.  HDTV,  which  I  love.  I 
don’t  think  there’s  any  going 
back.  If  I  was  rescuing  one 
thing  before  a  fire,  it  probably 
would  come  before  the  pets!” 

Greatest  ambition:  “I  used 
to  say  it  was  to  be  called  for 
goaltending  in  a  basketball 
game.  I’m  only  5  feet  4  inches. 
It’s  really  to  think  an  original 
thought.  I  don’t  know  how 
many  people  are  really,  truly 
able  to  do  that  in  a  lifetime.” 

Favorite  nonwork  pastime: 
“Managing  my  kids’  science 
fair  projects.  And  rebuilding 
the  house.” 

Favorite  vice:  “Mountain  Dew. 

I  don’t  drink  coffee,  so  I  have  to 
get  my  caffeine  someplace.” 


Peter  Sandborn  is  an  expert  on  parts 
obsolescence  planning.  He  has  created 
tools  to  help  sustain  the  electronics  em¬ 
bedded  in  safety-critical  systems,  such 
as  aircraft  avionics,  to  help  ensure  that 
they  can  operate  for  decades. 

When  it  comes  to  obsolescence,  what’s 
worse,  hardware  or  software?  Software 
is  worse.  It’s  potentially  a  lot  more  ex¬ 
pensive  and  a  lot  scarier. 

How  fast  do  products  become  obsolete 
today?  Things  like  memory  can 
become  obsolete  within  nine  or  10 
months.  People  who  depend  on  putting 
Dell  laptops  into  larger  critical  systems 
are  stuck  with  the  same  problem.  The 
laptops  they’ve  bought  are  not  support¬ 
ed  for  more  than  three  years,  and  they 
may  be  putting  them  into  a  system  that 
[must  be]  maintained  for  25  years. 

What  industries  are  most  affected? 

The  root  of  the  problem  is  in  avion¬ 
ics.  Medical  diagnostic  equipment 

Continued  on  page  18 


We'll  help  you  get  more  with  a  multifunction  printer. 

Like  office  space,  for  example. 


Canon  imageCLASS®  MF6595 


Ricoh  Aficio  SPC222SF  MFP 


Brother®  MFC-9840CDW 


Network- and  duplex-ready,  monochrome  laser 

printer,  copier,  scanner  and  fax 

Mfr.  speed  rating:  up  to  24  ppm 

Print  resolution:  up  to  1200x600  dpi 

Duty  cycle:  up  to  15,000  pages  per  month 

Hi-Speed  USB  2.0  and  Ethernet  ports 

33.6  Kbps  Super  G3  fax  with  up  to  1,000 

pages  of  reception  memory 

Incorporates  Canon's  Single  Cartridge  System 

One-year  limited  warranty  with  onsite  service 


•  Network-ready,  color  laser  printer,  copier, 
scanner  and  fax 

•  Mfr.  speed  rating:  up  to  21  ppm  black  and  color 

•  Print  resolution:  up  to  2400x600  dpi 

•  Scan  resolution:  up  to  1200x1200  dpi 

•  Duty  cycle:  up  to  30,000  pages  per  month 

•  Wireless  printing  options  available 

•  USB  and  Ethernet  ports 

•  One-year  onsite  warranty 


Wireless  network-  and  duplex- ready  color  laser 
printer,  copier,  scanner  and  fax 
Mfr.  speed  rating:  up  to  21  ppm,  17  ppm  black 
and  color 

Print  resolution:  up  to  2400  x600  dpi 

Scan  resolution:  up  to  1200x2400  optical  dpi 

USB  2.0  and  Ethernet  ports,  plus  wireless  802.11  b/g 


RICOH 


Canon 


■  ■  ■  At  your  side. 

brother 


MFP 

CDW 1369557 

INSTANT 

SAVINGS’ 


CDW  1424054 


CDW  1294242 


We're  there  with  the  printer  solutions  you  need. 

If  your  office  equipment  is  starting  to  take  over,  it  might  be  time  to  simplify.  With  CDW,  you'll  have  a 
personal  account  manager  that  can  help  you  find  a  multifunction  printer  to  take  care  of  all  your  faxing, 
printing,  scanning  and  copying  in  one  place.  That  way,  you'll  be  able  to  save  time.  And  with  one  device 
handling  everything,  you’ll  be  able  to  save  money  too.  So  call  CDW  today  and  start  doing  a  lot  more, 
with  a  lot  less. 

CDW.com  800.399.4CDW 


$150  Instant  savings  offer  valid  through  9/30/08  or  while  supplies  last.  Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com. 
©2008  CDW  Corporation  ■  .’. 


The  Right  Technology,  Righl 


■  THE  GRILL  PETER  SANDBORN 


MA  lot  Of 

planned  ob¬ 
solescence  is 
really  a  business  plan 
to  keep  the  level  of 
need  high  enough  that 
companies  grow. 

I 

] 

Continued  from  page  16 
is  another  good  example.  They  have 
to  be  sustained  for  30  years,  maybe 
more.  You  can’t  just  change  things  in 
those  systems  without  putting  a  lot 
of  thought  and  work  into  it,  because 
those  are  highly  qualified  and  certi¬ 
fied  systems.  These  systems  can  have 
qualification  processes  that  run  tens  of 
millions  of  dollars.  It’s  very  expensive 
to  change  anything. 

What  are  the  consequences  of  failing  to 


plan  for  obsolescence?  If  you  have  to  re¬ 
fresh  the  design  of  a  system,  you  have 
to  go  back  through  some  portion  of  the 
qualification.  It  can  get  quite  expen¬ 
sive.  I  worked  on  a  GPS  radio  for  an 
Army  helicopter,  and  if  you  changed  the 
hardware  such  that  it  changed  a  single 
line  of  the  software,  it  was  an  automatic 
requalification  of  the  helicopter. 

There  also  can  be  a  cost  in  avail¬ 
ability  of  the  system.  If  you’re  flying 
airplanes  in  Iraq,  you  may  have  to 
retire  a  perfectly  good  aircraft  so  you 
can  rob  it  for  parts  to  keep  the  other 
ones  going. 

What’s  the  alternative?  If  you  forecast 
the  lifetime  of  the  parts  early,  you  can 
strategically  plan  refreshes  to  deal 
with  the  problems  and  figure  out  what 
the  optimum  refresh  frequency  is. 

Given  all  of  the  uncertainties,  can  you 
really  predict  that  accurately?  This  is  a 
decision-making-under-uncertainty 
problem.  [The  tool  we  developed] 
does  simulations  to  handle  all  of  the 
uncertainties:  in  the  costs  of  resolving 
things,  in  the  dates  when  something  is 
expected  to  go  obsolete,  in  how  many 
spares  you’re  going  to  need.  It  looks  for 
a  solution  that  is  good  in  the  context  of 
all  of  the  uncertainties. 

How  can  IT  organizations  preserve  their 
technology  investments?  Planning  is 
king.  You  can  certainly  piggyback  on 
the  sort  of  mitigation  approaches  that 
people  use  for  avionics,  which  work 
reasonably  well  in  hardware  situations. 
Either  you’re  going  to  have  to  find  an 
aftermarket  supply  chain  or  make  life¬ 
time  buys  and  keep  the  replacements 
in  inventory.  For  a  small  volume  of 
things,  you  can  make  final  orders  and 
store  parts. 

The  other  thing  people  can  do  is  try 
to  consolidate  demand  and  inventory. 
When  a  part  goes  obsolete,  I’m  not  the 
only  person  who  needs  it.  What  people 
find  is  that  I  need  a  couple  of  them, 
the  guy  in  the  next  building  needs  a 
couple  of  them,  and  there’s  a  guy  in  a 
branch  in  Germany  that  has  10  that  I 
never  knew  existed.  There  are  parts 
out  there,  if  you  can  just  link  up  the 
people. 

How  have  regulations,  such  as  the  EU  ban 


on  the  use  of  lead  solder,  exacerbated  the 
obsolescence  problem?  The  EU  ban  is 

called  RoHS,  Restrictions  on  Hazard¬ 
ous  Substances.  You  can’t  have  lead  in 
solder  anymore.  It  has  made  the  entire 
supply  chain  move  to  lead-free  parts. 

In  one  fell  swoop,  you  made  obsolete 
all  tin  lead  solder  parts,  and  now  you’re 
stuck. 

A  lot  of  systems  that  IT  folks  have 
use  tin  solder  parts.  If  you  need  to  fix 
one  of  those  boards,  you  may  have  to 
use  a  lead-free  part.  Now  you’re  assem¬ 
bling  a  lead-free  solder  part  onto  a  tin 
lead  soldered  board,  and  people  ques¬ 
tion  the  reliability  of  that. 

Then  you  have  the  tin  whiskers  that 
can  grow  and  wipe  systems  out. 

Tin  whiskers?  Yes.  Traditional  solder  is 
lead  and  tin.  When  you  add  lead  to  tin, 
it  [grows]  these  single  crystal  whiskers 
over  time.  They  can  be  millimeters 
long,  and  they’ll  short  things  out.  A 
couple  of  satellites  have  been  lost  due 
to  tin  whiskers.  It’s  hard  to  understand 
how  to  stop  it.  It’s  just  an  example  of 
the  kind  of  problems  you  get  into. 

Is  some  of  this  obsolescence  in  the  IT  mar¬ 
ket  planned?  We’re  all  trapped  in  this 
problem  of  “I  have  Office  2005,  and  I’m 
fine  with  Office  2005.  It  does  more  stuff 
than  I’m  ever  going  to  use.”  But  darned 
if  documents  don’t  start  showing  up 
that  I  can’t  open  in  Office  2005  because 
someone  made  them  in  Office  2007. 
Pretty  soon,  I  get  fed  up  with  this  and 
I’m  forced  to  upgrade.  I’m  stuck  in  this 
cycle  of  needing  to  upgrade  because  the 
world  pushes  on  and  pretty  soon  I  can’t 
function,  even  though  I  don’t  need  the 
new  stuff.  We’ve  called  this  the  Micro¬ 
soft  business  plan. 

If  this  wasn’t  happening,  how  would 
Microsoft  stay  in  business?  Their 
whole  stock  value  is  predicated  on  the 
idea  that  everybody  needs  a  machine 
upgrade  and  a  software  upgrade  at 
some  average  frequency.  If  they  didn’t, 
Microsoft  couldn’t  grow,  let  alone  stay 
the  same  size. 

A  lot  of  planned  obsolescence  is  re¬ 
ally  a  business  plan  to  keep  the  level 
of  need  high  enough  that  companies 
grow.  They’re  strategizing  on  “How  do 
we  force  people  to  continue  to  upgrade 
their  version?”  And  they’re  good  at  it. 

—  Interview  by  Robert  L.  Mitchell 
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OPINION 


Why  the  iPhone  Is 
Apple’s  Trojan  Horse 


APPLE’S  NEW  iPhone  3G  arrived  a  few  weeks  ago. 

Did  you  miss  the  news?  Not  likely.  It  was  every¬ 
where.  There  were  rave  reviews  about  the  new 
hardware  and  features,  all  delivered  at  a  much  low¬ 
er  price  than  the  original  iPhone  (see  related  story,  page  12). 


The  more  interest¬ 
ing  news  for  enterprises, 
though,  involves  the  new 
iPhone  and  iPod  Touch 
2.0  software  that  comes 
installed  on  the  3G  phone 
and  is  also  available  for  the 
first-generation  devices. 
That’s  because  the  iPhone 
is  a  now  a  bona  fide  soft¬ 
ware  platform. 

That’s  good  for  Apple; 
everyone  wants  to  be  a 
platform.  It’s  a  powerful 
way  to  generate  revenue. 
But  it’s  good  for  you,  too, 
because  it  means  the 
iPhone  is  positioned  to  be 
a  more  enterprise-friendly 
device.  You  need  it  to  be 
enterprise-friendly  be¬ 
cause,  like  it  or  not,  it’s 
already  a  business  device. 
Any  technology  your  CEO 
wants  to  use  is  a  de  facto 
business  device,  and  the 
iPhone  has  been  very  at¬ 
tractive  to  a  lot  of  CEOs. 

All  device  vendors  have 
to  overcome  a  hurdle  —  a 
sort  of  natural  catch-22 
—  to  make  their  products 
into  platforms.  Develop¬ 
ers  won’t  bother  with  a 
device  until  it  has  a  solid 


base,  something  north  of  a 
million  units.  And  vendors 
usually  can’t  get  to  that 
level  very  easily  without 
third-party  applications 
to  back  up  their  own 
software  offerings.  Apple 
broke  this  logjam  by  pro¬ 
ducing  a  device  that  was 
different,  and  sexy,  enough 
to  make  millions  of  people 
want  to  buy  it,  even  with¬ 
out  the  promise  of  much 
third-party  gear  to  add  on. 

One  of  the  most  impor¬ 
tant  things  that  will  make 
it  much  easier  for  Apple  to 
get  the  iPhone  into  business 
users’  hands  is  support  for 
Exchange.  I  had  no  prob¬ 
lems  syncing  my  Exchange 
data  to  the  iPhone.  A  lot  of 
folks  are  dependent  on  Ex¬ 
change,  so  this  new  ability 
has  made  the  iPhone  a  first- 
class  corporate  citizen. 

Apple  also  released 

■  IT  departments, 
you  have  been 
warned:  Beware 
of  geeks  bearing 
gifts. 


tools  to  let  IT  managers 
remotely  configure  and 
control  iPhones  on  their 
networks.  In  combination 
with  Exchange  syncing, 
that  should  allow  Apple  to 
make  new  inroads  into  the 
enterprise,  with  the  iPhone 
acting  as  a  Trojan  horse 
for  other  Apple  devices 
and  services.  IT  depart¬ 
ments  of  the  world,  you 
have  been  warned:  Beware 
of  geeks  bearing  gifts. 

Another  important 
development  is  the  App 
Store.  It’s  this  store  that 
heralds  the  arrival  of  the 
iPhone  platform  and  all 
that  that  means  —  namely, 
thousands  of  developers  to 
work  on  applications,  and  a 
large  influx  of  venture  cap¬ 
ital  to  fund  the  ecosystem. 

Eventually,  developers 
will  greatly  add  to  what 
the  iPhone  can  do  in  ways 
that  will  attract  both 
consumers  and  business 
users.  There  are  already 
some  interesting  applica¬ 
tions  in  the  store,  and  I’m 
sure  things  will  only  heat 
up  as  developers  really 
start  to  learn  how  to  get 


the  most  from  the  platform. 
And  who  knows  how  cor¬ 
porate  developers  will  take 
to  the  platform  for  line-of- 
business  applications? 

By  the  way,  if  you  re¬ 
ally  didn’t  see  any  of 
those  iPhone  3G  reviews, 

I  can  tell  you  that  it’s  still 
a  handsome  device  with 
good  hand  feel,  despite  the 
replacement  of  the  metal 
backing  with  plastic.  The 
3G  speed  is  impressive, 
and  GPS  has  worked  well 
for  me  in  northern  New 
Jersey.  Sound  is  excellent, 
a  notable  improvement 
over  the  first  generation. 

Battery  life  remains  far 
from  stellar.  But  that’s  the 
thing  about  smart  phones: 
We  love  to  have  them  load¬ 
ed  with  features,  but  those 
features  severely  cut  into 
battery  life.  A  removable 
battery  would  be  nice,  but 
I’ve  learned  to  live  with 
sealed  batteries  after  years 
of  iPod  use.  I’d  like  more 
Bluetooth  profiles,  but  for 
most  people,  Bluetooth  is 
just  for  hands-free  use. 

Then  there’s  the  lack  of 
cut-and-paste.  How  hard 
could  it  be,  Apple?  (Well, 
actually,  it  took  Microsoft 
three  generations  to  get  it 
into  its  smart-phone  ver¬ 
sion  of  Windows  Mobile.)  ■ 
Michael  Gartenberg  is  vice 
president  and  research 
director  for  the  personal 
technology  and  access  and 
custom  research  groups 
at  JupiterResearch  in 
New  York.  Contact  him  at 
mgartenberg@optonline. 
net.  His  weblog  and  RSS 
feed  are  at  http://weblogs. 
jupiterresearch.com/ 
analysts/gartenberg. 
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If  it’s  somebody  else’s  core  business  eh; 
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Cloud  computing  js  changing  the  way 

department.  Ill 


JONATHAN  SNYDER’S  five-person 
team  at  Dreambuilder  Invest¬ 
ments  LLC  isn’t  your  typical  IT 
organization.  Or  is  it? 

The  New  York-based  company, 
which  buys  and  sells  defaulted 
residential  mortgages,  uses  Sales- 
force.com  Inc.’s  Force.com  as  its 
financial  services  platform.  It 
backs  up  data  using  EMC  Corp.’s 
hosted  MozyPro  service.  Dreambuilder’s 
server  is  hosted  by  RackForce  Networks  Inc. 
in  Canada,  and  its  e-mail  is  handled  by  App- 
tix  Inc,,  a  hosted  exchange  in  Herndon,  Va. 

Granted,  Dreambuilder  Investments  is  a 
five-year-old  company  that  lacks  the  IT  infra¬ 
structure  that  a  typical  Fortune  1,000  enter¬ 
prise  has  built  up  over  decades.  But  as  Chief 
Technology  Officer  Jonathan  Snyder  sees 
it,  his  firm’s  core  business  is  mortgages,  not 
server  maintenance  and  disk  backups.  “If  it’s 
somebody  else’s  core  business  to  handle  an 


Exchange  server,  let  them  do  that,”  he  says. 

It’s  not  just  small  to  midsize  businesses  that 
are  following  Snyder’s  lead.  By  2013,  at  least 
one-fifth  of  enterprise  IT  workloads  will  be 
managed  in  cloud  computing  environments, 
according  to  Mike  West,  an  analyst  at  Sauga- 
tuck  Technology  Inc.,  a  boutique  consulting 
firm  in  Westport,  Conn.  He  says  that  big 
companies  are  increasingly  handing  over  their 
IT  infrastructure  activities  to  traditional  IT 
services  providers  such  as  IBM,  Hewlett- 
Packard  Co.  and  even  recent  market  entrants 
like  Amazon.com  Inc.  and  Boomi  Inc.  The 
goal  is  to  lower  their  costs,  access  enhanced 
functionality,  sidestep  skilled-labor  shortages 
and  reduce  their  data  center  footprints. 

Moreover,  building  or  installing  commod¬ 
itized  applications  or  IT  infrastructure  ser¬ 
vices  that  don’t  provide  competitive  advan¬ 
tage  has  produced  diminishing  returns  over 
the  past  few  years,  says  John  Dutra,  CTO  at 

Continued  on  page  22 
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STEPHEN  WEBSTER 


Careers  in  the  Cloud 

IT  organizations  that  shift  a  good  part  of  their  IT  infrastructure  activities 
to  hosted  service  providers  over  the  next  decade  will  likely  see  profound 
changes  in  the  makeup  and  skills  of  their  remaining  IT  staffers. 

“There’s  a  limited  number  of  resources  in  IT,”  notes  John  Dutra, 
CTO  of  Sun  IT,  a  division  of  Sun  Microsystems.  “Wouldn’t  I  want  to 
focus  them  on  the  most  strategic  areas  possible?” 

On  the  path  toward  utility  computing,  IT  leaders  will  need  to 
develop  and  attract  people  with  transitional  skills.  For  instance, 
companies  that  aggressively  pursue  hosted  IT  services  may  wind 
up  creating  software-as-a-service  task  forces  to  devise  new  ways 
of  providing  support  to  business  users,  says  Mike  West,  an  analyst 
at  Saugatuck  Technology.  And  as  companies  cobble  together  a  mix 
of  premises-based  and  hosted  applications,  systems  integration 
expertise  will  come  to  the  fore,  whether  provided  by  internal  staffs  or 
outsourcing  providers.  West  adds. 

Nevertheless,  large  companies  will  still  need  to  have  IT  organiza¬ 
tions  that  are  “very  deep  in  the  business  -  people  who  have  vendor 
relationship  management  skills,  who  can  help  the  [managed  service 
provider]  or  outsourcer  to  understand  how  to  facilitate  the  business,” 
says  Robert  Keefe,  CIO  at  Mueller  Water  Products.  To  play  that  role, 
IT  staffers  will  have  to  improve  their  vendor  negotiation  skills,  says 
Roni  Krisavage,  CIO  at  World  Wrestling  Entertainment  Inc. 


Even  companies  that  outsource  the  bulk  of  their  IT  infrastructure 
support  will  still  need  in-house  technical  experts  who  understand 
how  everything  fits  together  and  works,  says  Beach  Clark,  CIO  at  the 
Georgia  Aquarium. 

And  since  most  hosted  services  will  be  accessed  using  Web  brows¬ 
ers  such  as  Internet  Explorer,  Firefox  and  Safari,  “somebody  in  the 
[customer]  company  will  have  to  deal  with  that  in  a  technical  fash¬ 
ion,”  says  Dutra. 

Once  the  transition  is  well  under  way,  expect  to  see  an  increase  in 
the  number  of  people  with  vendor  relationship  management  skills, 
says  Paul  Major,  managing  director  of  IT  at  Aspen  Skiing  Co.  But  the 
people  who  end  up  filling  those  posts  might  be  “superusers”  and  not 
traditional  IT  staffers,  he  adds. 

Major  also  says  many  IT  pros  with  deep  technical  skills  in  areas 
such  as  network  management  will  probably  end  up  working  in  giant 
hosted  data  centers. 

Futurist  Thornton  May  agrees.  “I  think  the  human  capital  flow  is 
going  to  change”  over  the  next  decade,  he  says. 

He  predicts  that  many  young  IT  workers  will  spend  the  first  10 
years  of  their  careers  working  for  managed  services  providers  and 
then  move  into  middle  and  senior  management  positions  in  corporate 
IT.  “You’re  basically  going  to  get  your  technology  chops  inside  the 
belly  of  the  outsourcing  beast,”  May  says.  “And  some  subset  of  these 
people  will  migrate  over  to  their  customers.” 

-  THOMAS  HOFFMAN 


Continued  from  page  20 
Sun  IT,  a  division  of  Sun  Microsystems 
Inc.  that’s  preparing  to  launch  a  hosted 
computing  platform  for  developers 
called  Network.com. 

Companies  “are  no  longer  going 
to  buy  technology  artifacts,  like  ERP 
systems,”  predicts  Thornton  May,  a 
Biddeford,  Maine-based  futurist  and 
Computerworld  columnist.  Instead,  he 
says,  “they’ll  commit  to  a  service.” 

Cloud  computing  —  the  ability  to 
store  files  and  data  on  a  remote  net¬ 
work  using  the  Internet  (see  Quick- 
Study,  page  25)  —  provides  benefits 
such  as  lowered  infrastructure  costs 
and  enhanced  speed  to  market.  Stud¬ 
ies  have  shown  that  it  would  cost  some 
companies  millions  of  dollars  to  set  up 
their  own  virtualized  server  and  stor¬ 
age  environments,  says  West. 

With  hosted  IT  services,  West  says, 
“you  don’t  have  to  buy  the  hardware 
and  software;  you  just  subscribe. 
There’s  not  a  lot  of  capital  outlay.  The 
attraction  to  that  is  huge.” 

Moreover,  hosted  services  providers 
such  as  Google  Inc.  and  Amazon  are 
making  pricing  transparent.  Google 
Apps  (which  includes  e-mail,  word 
processing,  spreadsheets,  presenta¬ 
tions  and  calendaring)  is  priced  at  $50 
per  user  per  year,  says  Matthew  Glotz- 


bach,  Google’s  director  of  product 
management.  Amazon  says  its  Simple 
Storage  Service  (S3)  is  priced  at  15 
cents  per  gigabyte  each  month. 

“We’ve  removed  so  much  of  the  fric¬ 
tion  by  being  transparent  about  prices 
and  not  having  to  have  lengthy  con¬ 
tracts  and  negotiations,”  says  Adam 
Selipsky,  vice  president  of  product 
management  and  developer  relations 
at  Amazon  Web  Services  in  Seattle. 

Although  the  bulk  of  Amazon  Web 
Services’  customers  are  small  firms,  it 
has  also  signed  up  big  players  such  as 
The  Nasdaq  Stock  Market  LLC  and  The 
New  York  Times,  says  Selipsky.  In  fact, 
he  says  that  adoption  among  enterprise 
customers  has  happened  “a  little  quick¬ 
er  than  we  would  have  imagined.” 

“The  choices  we  have  about  what 
we  do  in-house  and  what  we  can  have 
outsourced  continue  to  improve,”  says 
Beach  Clark,  CIO  at  Georgia  Aquarium 
Inc.,  whose  Web  farm  is  hosted  off-site 
by  a  third  party.  But  Clark  says  he  be¬ 
lieves  that  IT  activities  that  are  core  to 
the  mission  of  a  business  will  continue 


to  be  handled  internally. 

For  instance,  Clark’s  five-person  staff 
handles  most  of  the  aquarium’s  online 
ticketing  support  and  much  of  its  busi¬ 
ness  intelligence  work  —  functions  he 
deems  critical  —  even  though  some  of 
the  programming  itself  is  outsourced. 

CHANCE  OF  PROBLEMS 

The  shift  among  enterprise  IT  orga¬ 
nizations  toward  hosted  infrastructure 
services  is  real,  says  Paul  Major,  manag¬ 
ing  director  of  IT  at  Aspen  Skiing  Co. 

But  even  though  he  finds  the  pros¬ 
pect  of  outsourcing  IT  infrastructure 
support  to  third  parties  “appealing,” 
Major  raises  one  of  the  red  flags  that 
have  played  a  role  in  curbing  wide¬ 
spread  adoption  among  big  companies. 

“My  concern  is  what  happens  if  [the 
service  provider’s]  business  model  flops 
and  someone  comes  in  and  buys  them,” 
says  Major.  “How  do  I  go  back  in  and 
get  my  data  and  format  it?  I’d  rather 
keep  it  local  and  keep  it  under  control.” 

For  that  reason  and  others,  Storage 
Continued  on  page  24 
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easier. 


1.  Know  your  leafy  enemy. 

What  changed  your  dusty,  dried-out  office 
plant  into  a  bloodthirsty  menace?  Will  you 
be  held  responsible  for  the  workloads  of 
your  devoured  coworkers? 


1.  Implement  Microsoft”  Forefront.' 
Forefront  makes  defending  your  systems  easier. 
It's  a  comprehensive,  simple-to-use,  integrated 
family  of  products  that  helps  provide  protection 
across  your  client,  server,  and  network  edge.  For 
case  studies,  free  trials,  demos,  and  all  the  latest 
moves,  visit  easyeasier.com 

Forefront  is  business  security  software  for  client, 
server,  and  the  network  edge. 


2.  Office  coffee. 

This  works  well  against  so  many  office  threats.  The  more  over¬ 
brewed,  reheated,  and  dirty-pot-prepared,  the  better.  Two  pots 
and  it's  over. 


3.  The  junk  food  attack.  s 

In  the  afternoon,  when  energy 
is  low,  raid  the  vending  machine 
and  fill  the  Man-Eating  Plant  with 
snacks,  chips,  cookies,  etc.  Puts  you 
right  to  sleep— the  Plant  too, 
we  bet.  i 


*1.  Go  green. 

We  mean  literally.  Disguise  yourself  as  a 
plant— a  leafy  fern,  perhaps— to  escape 
carnivorous  Plant  scrutiny.  Helps  you 
escape  boss  scrutiny  as  well. 


5.  Weed  spray. 

This  is  generally  nasty  stuff, 
but  there  are  plenty  of  organic 
weed  sprays  on  the  market. 
And  this  is  a  Man-Eating  Plant, 
so  it  seems  justified. 
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As  a  greater  proportion  of  IT  activi¬ 
ties  is  handled  externally,  CIOs  will 
see  their  roles  continue  to  morph, 
though  exactly  how  is  uncertain. 

“I  think  the  technical  CIOs  are  go¬ 
ing  to  migrate  over  to  these  hosted 
companies,”  while  CIOs  who  are 
more  business-focused  will  continue 
to  work  alongside  their  business 
peers  within  customer  companies, 
says  Robert  Keefe,  president  of  the 
Society  for  Information  Management 
and  CIO  at  Mueller  Water  Products. 

Carmen  Malangone,  director  of 
IT  at  Coty,  foresees  more  dramatic 
changes  ahead  for  IT  leaders. 

“What  I  think  you’ll  see  is  the  CIO 
role  dissolving,”  while  IT  directors 
increasingly  work  one-on-one  with 
divisional  business  leaders,  he  says. 

If  he’s  right,  that  kind  of  change  will 
likely  take  years  to  play  out. 

-THOMAS  HOFFMAN 


coming  years,  certain  activities  will 
remain  in-house,  including  data  man¬ 
agement  and  business  intelligence  func¬ 
tions,  says  May. 

Moreover,  says  Robert  Keefe,  CIO  at 
Mueller  Water  Products  Inc.  in  Atlan¬ 
ta,  “you’re  always  going  to  have  some 
things  [in  IT]  that  need  to  be  looked 
after  —  nuances  and  pieces  of  technol¬ 
ogy  that  continue  to  change.” 

For  example,  IT  organizations  are 
likely  to  retain  project  portfolio 
management,  says  Chris  Barbin,  co¬ 
founder  and  CEO  of  Appirio  Inc.,  a 
San  Mateo,  Calif. -based  provider  of 
products  and  services  for  hosted  envi¬ 
ronments  such  as  Salesforce.com  and 
Google  Enterprise.  That  means  they 
will  still  need  people  who  are  adept  at 
sourcing  and  staffing  project  teams. 

“For  me,  it’s  my  revenue-generating 
and  customer-facing  systems”  that  will 
remain  in-house,  says  Major. 

He  cites  a  few  reasons  for  this, 
including  a  dearth  of  vendors  that 


Continued  from  page  22 
Networking  Industry  Association 
Chairman  Vincent  Franceschini 
believes  there  will  be  “many  shades 
of  gray”  when  it  comes  to  adoption 
of  hosted  IT  infrastructure  services 
among  Fortune  2,000  organizations. 

For  instance,  the  chemical  and  avion¬ 
ics  industries  have  vastly  different  busi¬ 
ness  processes  and  data  workflows.  But 
at  the  core  of  both  is  intellectual  prop¬ 
erty  that  companies  “very  much  want 
to  be  controlling,”  says  Franceschini. 

So  while  companies  may  outsource 
some  level  of  rote  IT  infrastructure  ac¬ 
tivities  to  third  parties,  he  says  that  “it 
will  take  some  time”  for  core  business 
applications  —  particularly  those  con¬ 
taining  IP  —  to  move  off-premises. 

If  anything  is  going  to  cause  a  slow¬ 
down  in  managed  services  adoption 
by  enterprise  customers,  it’s  concern 
about  data  protection,  says  Nick 
Sharma,  senior  vice  president  of  infra¬ 
structure  managed  services  at  Satyam 
Computer  Services  Ltd. 

There  are  other  reasons  that  many 
CIOs  are  still  resisting  the  hosted  IT 
services  model.  “I  think  there’s  going 
to  be  a  swing  back  to  a  more  tradi¬ 
tional  [on-premises  IT  support]  model 
because  IT  departments  are  under¬ 
standing  that  users  want  to  interface 
with  a  real  human  being  in  English,” 
says  Carmen  Malangone,  director  of 
IT  at  Coty  Inc.,  a  maker  of  fragrance 
and  beauty  products.  “That’s  one  area 
where  these  [managed]  services  fall 
short,”  he  says,  alluding  to  the  use  of 
offshore  service  reps  whose  English 
language  skills  may  be  spotty. 

And  those  aren’t  the  only  inhibitors 


to  widespread  adoption.  “One  of  the 
biggest  barriers  is  the  IT  organization 
itself,”  says  Sun’s  Dutra.  “There  is  a 
cultural  history  of  building  things.” 
There’s  also  a  bias  among  some  busi¬ 
ness  customers  that  have  become  ac¬ 
customed  to  having  their  IT  organiza¬ 
tions  own  and  operate  systems,  he  adds. 

“There  are  different  degrees  of  pro¬ 
gression  down  this  [hosted  services] 
path,”  says  Bryan  Doerr,  CTO  at  Savvis 
Inc.,  a  St.  Louis-based  IT  infrastructure 
services  provider.  “There’s  a  percentage 
of  companies  that  don’t  think  a  virtual¬ 
ized  solution  is  for  them.” 

Even  for  IT  organizations  that  do 
shift  work  to  third-party  providers  in 


provide  hosted  application  services 
for  those  particular  disciplines.  Even 
when  players  do  emerge  in  those  areas, 
says  Major,  “they’re  going  to  have  to 
come  to  me  and  explain  why  this  is  a 
great  idea  for  me.” 

So  while  more  and  more  enterprises 
are  looking  upward,  most  will  prob¬ 
ably  test  hosted  services  before  losing 
themselves  in  the  cloud. 

“I  don’t  think  the  on-premises 
[software]  business  is  going  away 
overnight;  I  don’t  think  it’s  ever  going 
away,”  says  Google’s  Glotzbach.  “If 
we’ve  learned  anything  in  IT  over  the 
past  20  years,  it’s  that  nothing  ever 
goes  away  completely.”  ■ 


Here’s  a  look  at  some  of  the  types  of  hosted  IT  infrastructure  ser 

dees  that  are  currently  offered: 


Data  center/server  management:  Interest  among  enterprise 
customers  in  virtual  server  farms  is  beginning  to  take  off.  Multiple 
vendors,  including  IBM,  Satyam  and  Amazon  already  offer  such 
services.  These  are  particularly  appealing  to  organizations  trying  to 
avoid  adding  to  their  data  center  footprints. 

n  Application  management;  Already,  customers  can  use  enterprise 
“mashups”  or  applications  that  combine  data  from  two  or  more  sources 
(i.e.,  a  Google  Map  and  an  Excel  spreadsheet  that  ties  into  an  ERP  sys¬ 
tem).  But  business  partners  that  are  “tenants”  with  the  same  SaaS  pro¬ 


vider  can  also  share  customer  data,  sales  leads  and  other  information. 

m  Systems  integration:  Until  recently,  systems  integration  had  been 
a  sticking  point  for  organizations  that  have  tried  to  mesh  data  from 
their  hosted  and  premises-based  applications.  Now,  companies 
such  as  Boomi  offer  integration-on-demand  services  that  allow 
customers  to  build,  deploy  and  manage  application  integration  using 
Web  browsers.  Boomi  customers  that  want  to  integrate  their  Sales- 
force.com  data  with  Oracle  Financials  pay  a  standard  rate  of  $135  a 
month,  regardless  of  the  number  of  users. 

■  Storage  management:  EMC’s  Cloud  Infrastructure  and  Services 
division  offers  subscription-level  storage  services  to  enterprise  cus¬ 
tomers,  including  backup  as  a  service,  which  supports  both  PC  and 
Macintosh  clients. 


-THOMAS  HOFFMAN 


QUICKSTUDY  ■ 


BY  RUSSELL  KAY 

SK  ANY  five 
IT  specialists 
what  cloud 
computing 
is,  and  you’re 
likely  to  get  five  different 
answers.  That’s  partly  be¬ 
cause  cloud  computing 
is  merely  the  latest, 
broadest  develop¬ 
ment  in  a  trend 
that’s  been  grow¬ 
ing  for  years. 

Cloud  comput¬ 
ing  is  the  most 
recent  successor 
to  grid  computing, 
utility  computing, 
virtualization  and 
clustering.  Cloud 
computing  overlaps 
those  concepts  but 
has  its  own  mean¬ 
ing:  the  ability  to 
connect  to  software 
and  data  on  the 
Internet  (the  cloud) 
instead  of  on  your  hard 
drive  or  local  network. 

To  do  anything  with  a  PC 
10  years  ago,  you  needed  to 
buy  and  install  software. 
Now,  cloud  computing  al¬ 
lows  users  to  access  pro¬ 
grams  and  resources  across 
the  Internet  as  if  they  were 
on  their  own  machines. 

IN  THE  BEGINNING 

First,  there  were  mainframe 
computers,  then  minicom¬ 
puters,  PCs  and  servers.  As 
computers  became  physi¬ 
cally  smaller  and  resources 
more  distributed,  problems 
sometimes  arose  when  us¬ 
ers  needed  more  computing 
power. 

IT  pros  tried  clustering 
computers,  allowing  them 


to  talk  with  one  another  and 
balance  computing  loads. 
Users  didn’t  care  which 
CPU  ran  their  program,  and 
cluster  software  managed 
everything.  But  clustering 
proved  to  be  difficult  and 
expensive. 


In  the  early  1990s,  the  grid 
concept  emerged:  Users 
could  connect  to  a  network, 
much  as  they  plugged  into 
the  electrical  power  grid, 
and  use  service  on  a 
metered-utility  basis.  Thus, 
people  began  speaking  of 
utility  computing. 

One  problem  was  where 
data  was  stored.  Grid  nodes 
could  be  located  anywhere  in 
the  world,  but  there  could  be 
significant  processing  delays 
while  data  stored  at  other 
locations  was  transmitted. 

Also,  grid  or  cloud  com¬ 
puting  means  users  and 
businesses  must  migrate 
their  applications  and  data 
to  a  third  party  or  different 


platform.  For  enterprises 
with  huge  investments  in 
existing  software  and  opera¬ 
tional  procedures,  this  has 
been  a  real  barrier  to  adop¬ 
tion  of  these  shared  tech¬ 
nologies.  Other  significant 
concerns  include  data  secu¬ 
rity  and  confidentiality. 

WHY  IT  WORKS 

Critical  to  the 
success  of  cloud 
computing  has 
been  the  growth 
of  virtualization, 
allowing  one 
computer  to  act 
as  if  it  were  an¬ 
other  —  or  many 
others.  Server 
virtualization 
lets  clouds  support 
more  applications 
than  traditional 
computing  grids, 
hosting  various 
kinds  of  middleware 
on  virtual  machines 
throughout  the  cloud. 

WHERE  IT’S  GOING 

If  cloud  computing  succeeds 
on  a  wide  scale,  it  may  well 
be  because  of  recent  initia¬ 
tives  from  Amazon,  IBM 
and  Google. 

In  2007,  IBM  and  Google 
Inc.  teamed  up  to  provide 
the  hardware,  software  and 
services  needed  to  teach 
computer  science  students 
large-scale  distributed 
computing.  Their  Academic 
Cluster  Computing  Initia¬ 
tive  began  when  a  Google 
software  engineer,  Chris- 
tophe  Bisciglia,  wanted  to 
improve  computer  science 
curricula  by  teaching  col¬ 
lege  students  how  to  solve 


Definition 

CLOUD  COMPUTING  de¬ 
scribes  a  system  where 
users  can  connect  to  a 
vast  network  of  computing 
resources,  data  and  serv¬ 
ers  that  reside  somewhere 
“out  there,”  usually  on  the 
Internet,  rather  than  on 
a  local  machine  or  a  LAN 
or  in  a  data  center.  Cloud 
computing  can  give  on- 
demand  access  to  super- 
computer-level  power, 
even  from  a  thin  client  or 
mobile  device  such  as  a 
smart  phone  or  laptop. 


problems  involving  massive 
computer  clusters  and  tera¬ 
bytes  of  data. 

Google’s  CEO  recruited 
his  counterpart  at  IBM  to 
join  the  initiative.  The  two 
companies  say  they  will 
dedicate  hundreds  of  com¬ 
puters  to  it.  Located  in  data 
centers  at  Google,  IBM’s  Al- 
maden  Research  Center  and 
the  University  of  Washing¬ 
ton,  these  resources  are  ex¬ 
pected  to  eventually  include 
more  than  1,600  processors. 

Initially,  six  universities 

—  the  University  of  Wash¬ 
ington,  Stanford  University, 
Carnegie  Mellon  Univer¬ 
sity,  MIT,  the  University  of 
Maryland  and  the  Univer¬ 
sity  of  California,  Berkeley 

—  are  participating  in  the 
Google-IBM  program. 

Meanwhile,  Amazon.¬ 
com  Inc.  offers  a  couple  of 
cloud  services.  Web  ser¬ 
vice  developers  can  use  its 
Simple  Storage  Service  (S3) 
to  store  any  amount  of  data. 
And  developers  can  use 
Amazon’s  Elastic  Compute 
Cloud  (EC2)  to  set  up  a  vir¬ 
tual  server  in  minutes,  with 
none  of  the  maintenance  of 
buying  and  installing  server 
hardware  and  software. 

Both  services  are  offered  on 
a  pay-per-use  basis.  ■ 

Kay  is  a  Computerworld  con¬ 
tributing  writer  in  Worcester, 
Mass.  You  can  contact  him  at 
russkay@charter.net. 


Why  a  Cloud? 

For  years,  in  flow  diagrams  and 
PowerPoint  presentations,  people  have 
represented  the  Internet  as  a  fuzzy 
cloud  with  communications 
lines  going  in  and  out  of  it.  Now  that 
they’re  actually  talking  about  using 
a  remote,  black-box  approach  to 
computing,  the  old  familiar  cloud  seems 
an  appropriate  metaphor. 
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Vendors  start  to 
design  IT  with 
Mother  Earth  in  mind. 

By  Mary  K.  Pratt 


says  Christopher  Mines,  an  analyst  at 
Forrester  Research  Inc.  “The  industry 
has  made  great  strides,  and  certainly 
there  are  companies  that  take  design 
for  the  environment  to  heart.” 

Tiernan  points  to  the  initiatives  at 
HP  to  illustrate  the  point. 

The  company  has  a  commitment  to 
eliminating  toxic  polyvinyl  chloride 
(PVC)  and  brominated  flame  retar¬ 
dant  (BFR)  from  all  of  its  products  by 
the  end  of  2009.  It  has  switched  from 
solvent-based  paints  to  more  environ¬ 
mentally  friendly  water-based  types 
for  its  workstations  and  TVs.  And  20 
months  ago,  it  started  to  eliminate 
metals,  many  of  which  are  neuro¬ 
toxins,  from  its  consumer  desktops, 
removing  enough  so  far  to  be  able  to 
construct  the  Eiffel  Tower. 

HP  also  incorporates  power  manage- 


HP  saw  potential  in  used  water  bottles. 

Hewlett-Packard  Co.  found  a  way  to  turn  those  old  bottles, 
along  with  other  types  of  recyclable  consumer  plastics,  into  ink¬ 
jet  printer  cartridges,  si  In  fact,  HP  turned  more  than  5  million 
pounds  of  recycled  plastic  into  ink-jet  cartridges  in  2007 
and  plans  to  use  twice  as  much  this  year,  h  The  project,  part  of 
HP’s  Design  for  Environment  program,  is  just  one  way  for  the 
company  to  meet  its  green  objectives,  says  Pat  Tiernan,  vice 
president  for  social  and  environmental  responsibility.  ■  “More 
and  more  people  are  really  thinking  about  the  environment  in 
ways  they  hadn’t  before,”  he  says. 


HP  isn’t  the  only  technology  com¬ 
pany  gambling  on  green.  Many  manu¬ 
facturers  are  now  giving  heightened 
consideration  to  how  their  products 
affect  the  environment.  As  a  result, 
they’re  building  more  products  that 


i  require  fewer  resources  to  make  and 
j  less  power  to  run,  contain  less  toxic 
J  material,  and  are  a  snap  to  refurbish 
\  or  recycle. 

\  “The  vendors  are  paying  a  tremen- 
i  dous  amount  of  attention  to  this,” 
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ment  technology  into  its  printers,  some¬ 
thing  it  has  done  since  the  1990s  with 
its  Instant-on  Technology,  which  short¬ 
ens  the  time  a  printer  takes  to  wake 
up  from  sleep  mode,  using  up  to  50% 
less  energy  than  traditional  technolo¬ 
gies.  And  this  year,  it  released  HP  Web 
Jetadmin,  which  is  designed  to  allow 
IT  workers  to  remotely  schedule  sleep/ 
wake-up  cycles  and  automatically  turn 
off  devices  at  night  and  on  weekends. 

The  impact  of  those  types  of  innova¬ 
tions  can  be  significant:  Over  the  past 
decade  or  so,  HP’s  technologies  have 
yielded  energy  savings  that  are  about 
the  same  as  the  savings  that  would  be 
generated  by  removing  1.1  million  cars 
from  the  road  for  one  year. 

Tiernan  acknowledges  that  some  of 
HP’s  greener  products  have  premium 
prices,  but  apparently  companies  are 
willing  to  pay  them.  He  says  customers 
often  include  questions  about  HP’s  en¬ 
vironmental  policies  on  their  requests 
for  proposals.  In  fact,  the  number  of 
customers  asking  about  green  initia¬ 
tives  has  grown  by  more  than  150%  in 
the  past  two  years. 

REPORT  CARDS 

Customers  aren’t  the  only  ones  tak¬ 
ing  notes.  Greenpeace  International 
has  taken  on  this  issue  in  its  quarterly 
“Guide  to  Greener  Electronics”  report, 
which  ranks  consumer  electronics 
companies  based  on  their  efforts  to 
reduce  toxins  in  their  products,  and 
on  their  programs  for  taking  back  and 
recycling  products.  The  June  2008 
report  for  the  first  time  considered  the 
manufacturers’  efforts  to  increase  their 
products’  energy  efficiency. 

That  report,  issued  June  25,  lists 
Sony  Ericsson  and  Sony  Corp.  as  lead¬ 
ers  among  the  18  companies  ranked. 
However,  the  report  gave  those  two  a 
score  of  just  over  5  on  a  scale  of  1  to  10. 
The  majority  of  the  ranked  companies 
fell  between  4  and  5. 

Despite  such  mediocre  marks,  the 
industry  has  made  strides  to  do  better 
by  the  environment. 

Casey  Harrell,  a  toxics  activist  at 
Greenpeace,  says  many  manufacturers 
have  made  their  product  lines  more  en¬ 
vironmentally  friendly  in  just  the  past 
few  years. 

“We  have  significantly  greener  mo¬ 
bile  phones,  laptops  and  PDAs  than  we 


had  three  or  four  years  ago,”  he  says. 
He  credits  such  successes  to  technol¬ 
ogy  advances,  the  development  of  al¬ 
ternative  materials,  legislative  require¬ 
ments  and  customer  demands. 

“Almost  all  [the  manufacturers]  are 
doing  design  for  the  environment  to 
some  extent,  but  there  are  companies 
that  are  certainly  more  progressive 
than  others,”  says  Kate  Sinding,  a  se¬ 
nior  attorney  at  the  Natural  Resources 
Defense  Council  in  New  York. 

Fujitsu  Computer  Systems  Corp. 
in  Sunnyvale,  Calif.,  is  working  on 
several  fronts  toward  its  goal  of 


1.  TAKE  INVENTORY.  “You’d  be 
shocked  at  how  much  equipment  you 
have  turned  on  that’s  redundant,” 
says  Richard  McCormack,  senior 
vice  president  of  marketing  at  Fujitsu 
Computer  Systems. 

2.  ASSIGN  AN  EXECUTIVE  to  be 
responsible  for  proper  disposal  of 
e-waste,  and  budget  for  that  task. 

“In  a  lot  of  enterprises,  there’s  no 
one  person  responsible,  and  that’s 
where  the  trouble  begins,”  says  Jim 
O’Grady,  director  for  global  asset 
management  at  HP  Financial  Ser¬ 
vices  in  Murray  Hill,  N.J. 

3.  BUY  ENERGY  STAR  computers 
and  servers  to  ensure  you’re  getting 
the  most  energy-efficient  equipment. 

4.  USE  ENTERPRISEWIDE  POWER- 
MANAGEMENT  SOFTWARE  for  desk¬ 
top  computers,  a  move  that  the  EPA 
estimates  could  save  you  $25  to  $75 
per  PC  annually. 

5.  DEPLOY  COLLABORATION  SOFT¬ 
WARE  AND  WEBCONFERENCING 
AND  SOCIAL  COMPUTING  TOOLS  to 
reduce  business  travel  requirements. 
Let  employees  work  flexible  sched¬ 
ules  or  work  from  home  to  further 
reduce  carbon  emissions  caused  by 
commuting. 

-  MARY  K.  PRATT 


developing  greener  products. 

One  initiative  is  the  four-year-old 
Super  Green  Products  program,  says 
Richard  McCormack,  the  company’s 
senior  vice  president  of  marketing. 
Products  earn  the  Super  Green  desig¬ 
nation  if  they’re  best  in  class  in  several 
areas:  They  must  use  less  energy,  avoid 
hazardous  substances  and  incorporate 
the  three  R’s  —  reduce,  reuse,  recycle 
—  in  their  design  and  technology. 

McCormack  cites  Fujitsu’s  Primergy 
TX120  server  as  an  example.  The 
server  takes  less  space,  consumes  less 
energy,  and  produces  less  heat  and 
noise  than  standard  servers,  yet  it  has 
the  same  memory  and  storage  capac¬ 
ity  as  bigger  models.  It’s  also  designed 
for  easy  disassembly  and  separation 
of  materials  that  can  then  be  reused  in 
other  products,  he  says.  (The  trade-off 
is  that  it  has  fewer  optional  compo¬ 
nents  and  more  fixed  ones,  notes  Mc¬ 
Cormack.) 

Fujitsu  has  also  developed  biode¬ 
gradable  plastics  that  have  less  of  an 
environmental  impact  than  traditional 
plastics,  which  are  harder  to  reuse 
than  other  components  of  electronic 
goods,  McCormack  says.  The  company 
has  used  biodegradables  in  certain 
notebook  PCs  since  2002.  And  in  2006, 
it  developed  a  flexible  bio-plastic  using 
castor  oil;  that  material  is  now  used  in 
PCs  and  cell  phones. 

TOXIC  OUT;  GREEN  IN 

Fujitsu’s  push  for  products  that  are 
environmentally  sound  from  inception 
through  disposal  exemplifies  the  grow¬ 
ing  design-for-environment  trend. 

Harrell  says  he  sees  manufacturers 
phasing  out  a  number  of  toxic  chemi¬ 
cals,  including  lead,  mercury  and 
cadmium.  Some  are  working  to  replace 
other  toxins,  such  as  PVC  and  BFR, 
with  materials  that  so  far  have  proved 
to  be  less  dangerous. 

However,  he  and  others  still  see 
room  for  improvement. 

A  February  2008  Greenpeace  report 
says  the  fate  of  up  to  80%  of  e-waste  in 
the  U.S.  is  unknown,  because  much  of  it 
is  still  sent  to  landfills  and  incinerators 
or  illegally  exported  for  dumping  in  Af¬ 
rica  or  rudimentary  recycling  in  Asia. 

Harrell  says  manufacturers  need  to 
do  more,  too.  For  instance,  Nintendo 
of  America  Inc.  in  Redmond,  Wash., 
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■  HARDWARE 


Many  factors  are  pushing  manufactur¬ 
ers  to  develop  green  IT  products.  Here 
are  a  few  of  them: 


■  INTERNATIONAL  LAWS.  Several  laws 
now  require  manufacturers  to  take  back 
their  equipment  and  reduce  the  use  of 
hazardous  materials  in  their  products, 
such  as  the  European  Union’s  Waste 
Electrical  and  Electronic  Equipment 
(WEEE)  directive  and  the  Restriction  of 
Hazardous  Substances  (RoHS)  directive. 

■  U.S.  STATE  AND  MUNICIPAL  REGU¬ 
LATIONS,  California  and  New  York  City 
are  among  the  places  that  require  vary¬ 
ing  levels  of  electronics  recycling  and 
manufacturer  take-back  programs. 

■  CORPORATE  REQUIREMENTS. 

More  companies  now  include  green 


ranked  at  the  very  bottom  of  Green¬ 
peace’s  electronics  guide.  Nintendo  did 
not  respond  to  requests  for  comment. 

To  be  fair,  Nintendo  isn’t  the  only 
company  Greenpeace  cited  in  a  May 
report  called  “Playing  Dirty,”  which 
examined  the  use  of  hazardous  chemi¬ 
cals  and  materials  in  gaming  console 
components.  Greenpeace  looked  at 
Microsoft  Corp.’s  Xbox  360  Elite,  the 

More  Resources 

■  CLIMATE  SAVERS  COMPUTING 
INITIATIVE:  A  nonprofit  group  of 
eco-conscious  consumers,  businesses 
and  conservation  organizations. 
www.climatesaverscomputing.org 

■  ENERGY  STAR:  A  joint  program  of  the 
U.S.  Environmental  Protection  Agency 
and  the  U.S.  Department  of  Energy  to 
promote  energy-efficient  products  and 
practices,  www.energystar.gov 

■  THE  GREEN  GRID:  A  global  consortium 
dedicated  to  advancing  energy  efficiency 
in  data  centers  and  business  computing 
systems,  www.thegreengrid.org 

H  THE  ELECTRONIC  INDUSTRY  CITI¬ 
ZENSHIP  COALITION  (BCC):  A  group  of 
companies  that  has  developed  a  code  of 
best  practices  adopted  and  implemented 
by  some  of  the  world’s  major  electronics 
brands  and  their  suppliers. 

\  www.eicc.info/index.html 


standards  in  their  vendor  RFPs  and 
require  manufacturers  to  take  back 
products  for  recycling. 

■  CONSUMER  DEMAND.  Individuals 
are  increasingly  incorporating  envi¬ 
ronmental  standards  in  their  buying 
decisions,  and  the  market  is  responding. 
For  example,  Wal-Mart  Stores  Inc.  an¬ 
nounced  last  year  that  it  would  evaluate 
consumer  electronics  suppliers  in  part 
on  their  products’  environmental  sus¬ 
tainability. 

■  ELECTRICITY  COSTS  AND  LIMITA¬ 
TIONS.  As  energy  costs  soar  and  the  pow¬ 
er  grid  grows  more  and  more  burdened, 
companies  are  looking  for  products  that 
won’t  cost  as  much  to  run  or  require 
them  to  seek  more  power  capacity. 

-  MARY  K.  PRATT 


40GB  Sony  PlayStation  3  and  the  Nin¬ 
tendo  Wii.  It  didn’t  detect  cadmium  or 
mercury  in  any  of  those  game  systems’ 
components,  but  it  found  lead  and 
chromium  at  relatively  low  concentra¬ 
tions  in  some  samples  and  PVC  in  a 
number  of  flexible  materials  (wire  and 
cable  coatings)  in  all  of  the  consoles. 

Microsoft,  Nintendo  and  Sony  have 
committed  to  making  greener  prod¬ 
ucts.  According  to  the  Greenpeace 
report,  Microsoft  said  it  would  stop 
using  PVC  and  BFR  in  its  hardware  by 
2010,  Nintendo  said  it  would  eliminate 
PVC  in  its  products  but  has  not  com¬ 
mitted  to  a  date,  and  Sony  said  it  would 
phase  out  PVC  and  certain  uses  of  BFR 
in  its  mobile  products  by  2010. 

CUSTOMERS  ARE  WATCHING 

ChiYoung  Oh,  environmental  products 
manager  at  Samsung  Electronics  Co. 
in  Seoul,  says  that  consumers  expect 
top  brands  to  have  high  environmental 
standards  and  that  corporate  custom¬ 
ers  want  to  know  about  green  pro¬ 
grams,  even  if  contracts  aren’t  won  or 
lost  because  of  them. 

Samsung  has  a  number  of  initiatives 
it  can  show  to  customers,  Oh  said  in  an 
e-mailed  statement.  In  2004,  the  com¬ 
pany  introduced  a  formal  eco-design 
process  that  incorporates  attention 


to  resource  efficiency,  environmental 
hazards  and  energy  efficiency.  The 
process  is  linked  to  the  company’s 
quality  certification  process,  which 
means  environmental  factors  are  con¬ 
sidered  part  of  product  quality. 

Samsung  incorporates  recycled  ma¬ 
terials  in  new  products  when  possible 
and  focuses  on  making  products  easier 
to  recycle.  It  has  simplified  screws  and 
fasteners  to  make  products  easier  to 
break  down  into  components,  reduced 
the  number  of  materials  used  in  order 
to  facilitate  material  separation,  and 
ensured  that  plastics  are  marked  in  ac¬ 
cordance  with  international  standards 
to  aid  recycling. 

Likewise,  Sun  Microsystems  Inc. 
thinks  about  disassembly  as  it  designs 
its  products,  making  sure  they  come 
apart  quickly  and  mostly  without  tools, 
according  to  Dermot  Duggan,  Sun’s 
director  of  eco-innovation  solutions. 
The  company  even  moved  ID  stickers 
from  plastic  parts  to  sheet  metal,  be¬ 
cause  clean  plastic  is  more  valuable  for 
recycling. 

Such  efforts  make  a  difference,  says 
Jake  Player,  president  of  TechTurn  Inc., 
an  Austin-based  company  that  recycles 
and  refurbishes  technology  equipment. 

“We’re  seeing  [manufacturers]  work 
with  us  on  how  to  make  the  computers 
easier  to  recycle,”  Player  says. 

For  example,  hard  drives  now  snap 
out,  and  chassis  snap  apart.  There’s 
less  use  of  metals  and  other  compo¬ 
nents  that  can’t  easily  be  separated, 
and  there’s  more 
compatibility  of 
components  across 
the  manufacturers’ 
own  product  lines. 

Player  says  his 
company  can  re¬ 
furbish  and  resell 
80%  of  the  1  million  assets  it  handles 
annually.  Those  include  data  center 
equipment,  scanners,  fax  machines, 
phones,  docking  stations  and  computer 
speakers.  The  remaining  materials  can 
be  recycled. 

Today,  says  Player,  “manufactur¬ 
ers  are  designing  these  products  with 
[recyclers]  in  mind,  whereas  five  years 
ago  they  weren’t.”  ■ 

Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.net. 


IS  THAT  KEYBOARD 
TOXIC? 

Concerns  about 
nanotechnology  are  rising. 

See  computerworld. 
com/more. 
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SECURITY  MANAGER’S  JOURNAL  (  MATHIAS  THURMAN 


A  Security  Roundup 
0  Minutes  Flat 

Our  manager  has  a  chance  to  make 
the  case  for  better  security  every 

quarter.  But  he  has  to  be  fast. 


OU’RE  A  secu¬ 
rity  manager 
with  20  min¬ 
utes  to  com¬ 
municate  to 
the  CIO  the  precise  state 
of  your  company’s  security 
posture.  You  need  to  dem¬ 
onstrate  that  things  have 
improved,  but  you  have  to 
make  it  clear  that  things 
could  be  even  better  if  you 
received  more  funding. 
The  CIO  and  his  staff  are 
hearing  from  every  func¬ 
tional  unit  under  his  con¬ 
trol,  and  he’ll  be  extracting 
key  slides  for  when  he  goes 
on  to  make  a  similar  pre¬ 
sentation  to  the  CEO. 

How’s  that  for  pressure? 

This  is  what  happens  ev¬ 
ery  quarter  in  my  compa¬ 
ny,  and  it’s  no  exaggeration 
to  say  that  those  presenta¬ 
tions  constitute  the  most 
important  80  minutes  of 
the  year  for  me.  I  think  of 
my  20  minutes  each  quar¬ 
ter  as  my  opportunity  to 
present  our  security  State 
of  the  Union. 

I  divide  my  presentation 
into  several  sections.  The 
first,  a  review  of  my  role  in 
the  company,  takes  only  a 
couple  of  minutes.  It  might 
seem  like  a  waste  of  some 
of  my  precious  20-minute 


allotment,  but  from  time  to 
time,  my  role  is  modified, 
and  I  like  to  keep  everyone 
up  to  date. 

Next  up  are  metrics, 
which  are  an  effective 
means  of  communicating 
the  level  of  information 
security  we  are  achieving. 
When  I  tell  the  CIO  and 
his  staff  the  percentage 
of  our  Windows  PCs  and 
servers  that  are  up-to- 
date  with  antivirus  and 
security  patches,  they  un¬ 
derstand  the  implications. 
They  know  that  there’s  a 
direct  correlation  between 
a  low  percentage  of  anti¬ 
virus  compliance  and  an 
increase  in  virus  incidents. 
And  having  been  through 
major  outbreaks  in  the 
past,  they  share  my  desire 
to  never  go  through  that 
mess  again. 

They  have  a  similar 
understanding  when  I  tell 
them  the  percentage  of 
our  network  that’s  being 

■  Those  four 
quarterly  presen¬ 
tations  constitute 
the  most  important 
80  minutes  of  the 
year  for  me. 


monitored  by  intrusion- 
detection  software  and 
data-loss  prevention  sen¬ 
sors,  or  when  I  tell  them 
how  closely  we’re  main¬ 
taining  our  environment 
to  a  known  baseline  con¬ 
figuration. 

Another  metric  of  great 
interest  is  the  percentage 
of  projects  that  gained  my 
approval  during  the  op¬ 
erational  readiness  phase 
rather  than  late  in  the  proj¬ 
ect  life  cycle.  That  number 
has  been  rising,  showing 
that  IT  is  thinking  of  secu¬ 
rity  in  the  early  stages. 

Then  I  turn  to  my 
group’s  highlights  and 
lowlights.  One  highlight 
this  quarter  was  certainly 
our  success  in  data-loss 
prevention  and  how  that 
translates  to  return  on 
investment  (all  discussed 
in  more  detail  in  my  July 
21  column).  But  I  also  had 
successes  in  obtaining 
funding  for  a  secure  FTP 
project  and  in  getting  se¬ 
curity  embedded  into  the 
project  life-cycle  manage¬ 
ment  process. 

One  lowlight  was  related 
to  one  of  the  highlights:  It’s 
difficult  to  properly  oper¬ 
ate  the  data-loss  preven¬ 
tion  infrastructure  without 


Trouble 

Ticket 

ISSUE:  There’s  a  limited 
window  every  quarter  to 
communicate  the  compa¬ 
ny’s  security  posture. 

ACTION  PLAN:  Be  or¬ 
ganized,  tout  successes, 
and  ask  for  money. 


additional  head  count. 
Another  lowlight  this 
quarter  was  a  nudge  di¬ 
rected  at  the  CIO  himself, 
as  I  communicated  my 
frustration  that  some  poli¬ 
cies  I  had  updated  had  yet 
to  be  ratified  by  him. 

And  then  there’s  the 
budget,  which  is  always  a 
lowlight.  Without  proper 
funding,  it’s  difficult  to 
execute  on  previously  es¬ 
tablished  road  maps,  since 
I  have  to  spend  time  and 
energy  seeking  commit¬ 
ments  from  other  business 
units. 

I  conclude  with  a  heads- 
up  slide,  which  I  also  refer 
to  as  “Watch  out,  here  it 
comes.”  This  quarter,  I 
revealed  some  of  the  find¬ 
ings  from  a  recent  security 
assessment  we  had  done 
as  part  of  an  acquisition. 
Then  I  had  to  give  ev¬ 
eryone  a  heads-up  about 
employees’  increased 
use  of  mobile 
devices,  particu¬ 
larly  iPhones. 

Employees  are 
discovering  all 
sorts  of  new 
ways  to  connect 
these  devices  to  our  net¬ 
work. 

My  message:  “Watch 
out,  here  comes  a  new 
policy.”  ■ 

This  week’s  journal  is  writ¬ 
ten  by  a  real  security  man¬ 
ager,  “Mathias  Thurman,” 

whose  name  and  employer 
have  been  disguised  for  ob¬ 
vious  reasons.  Contact  him 
at  mathias_thurman@ 
yahoo.com. 


D.COM 


O  JOIN  IN 

To  join  in  the  discussions 
about  security,  go  to 

computerworld.com/ 

blogs/security 
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SB  OPINION 

Paul  G  len 
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Fostering 

Accountability 


W  DO  I  make  my  people  more  accountable?”  As 
a  management  consultant,  I  get  this  question  all 
the  time.  In  fact,  I’d  have  to  say  that  in  general, 
aking  people  more  accountable  is  one  of  the  top 
aspirations  of  technical  managers.  So  it’s  worth  answering  the 
question  here  are  simply  as  I  can. 


Here  it  goes:  You  can’t 
make  your  people  account¬ 
able.  Get  over  it.  It’s  that 
simple. 

Here’s  what  you  can  do: 

■  Threaten  them. 

■  Bully  them. 

■  Micromanage  them. 

■  Beg  them. 

■  Offer  them  incentives. 

■  Praise  them. 

But  none  of  these  things 
produces  accountability. 
The  list  can  go  on  and  on, 
but  it  won’t  get  you  to  ac¬ 
countability. 

The  problem  is  not 
that  we  managers  lack 
the  creativity  and  en¬ 
ergy  required  to  make 
people  accountable.  It’s 
that  accountability  isn’t 
something  that  manag¬ 
ers  can  mandate.  It’s  not 
something  managers  can 
enforce.  It’s  something 
that  subordinates  feel.  It’s 
a  mental  and  emotional 
state,  not  some  condition 
that  managers  impose. 
There’s  no  magical  for¬ 
mula  for  making  anyone 
feel  this  way. 

So  how  does  it  happen? 
Real  accountability  occurs 


when  employees  believe 
these  things: 

■  Their  work  matters. 

■  They  have  substantial 
control  over  their  ability  to 
succeed  or  fail. 

■  The  quality  and  time¬ 
liness  of  the  work  is  im¬ 
portant. 

■  The  rewards  and  con¬ 
sequences  that  result  from 
their  work  are  fair. 

■  They  have  reasonable 
influence  on  the  evaluation 
of  their  work. 

A  manager’s  ability  to 
make  someone  feel  these 
things  is  extremely  limited. 
But  knowing  that  they  can 
influence  some  feelings, 
managers  sometimes  try 
to  enforce  accountability 
by  manipulating  people’s 
emotions.  So  how  can  you 
as  a  manager  try  to  foster 
certain  feelings  in  your 
subordinates?  Here  are 


11  Employees 
most  choose 
accountability. 

And  you  can’t  force 
them  to  do  so. 


some  things  you  can  do: 

■  Try  to  make  them 
frightened. 

■  Try  to  make  them  feel 
intimidated. 

■  Make  them  feel  that 
you  mistrust  their  abilities 
and/or  motives. 

■  Encourage  them  to  feel 
more  powerful  than  you. 

■  Encourage  them  to  be 
greedy. 

■  Try  to  make  them  feel 
loved  and/or  respected. 

But  none  of  these  emo¬ 
tions  engenders  genuine 
accountability,  and  few  of 
them  would  qualify  as  pro¬ 
ductive. 

Employees  must  choose 
accountability.  You  can 
offer  it,  but  they  must  de¬ 
cide  whether  to  accept  it. 
And  you  can’t  force  them 
to  do  so.  The  best  you  can 
do  is  to  try  to  create  an  en¬ 
vironment  that  encourages 
them  to  make  that  choice. 
Here’s  how: 

■  Communicate  the  im¬ 
portance  of  work. 

■  Structure  work  to  give 
people  control  over  their 
own  success. 

m  Recognize  and  reward 


outstanding  work. 

■  Ensure  that  rewards 

and  consequences  are  con-  \ 
sistently  and  fairly  meted 
out  and  are  proportional  to  • 
success  or  failure. 

■  Take  reasonable  ex¬ 
tenuating  circumstances 
into  account. 

■  Structure  work  in 

such  a  way  that  people 
owe  things  to  one  another 
rather  to  the  supervisor.  I 

But  again,  you  can  only 
encourage  them  to  choose 
accountability;  you  can’t 
mandate  that  choice. 

Even  now,  I  can  hear  your  { 
protest:  “I  can  discipline 
people  if  they  screw  up.” 

True,  but  even  if  done  well, 
discipline  is  only  one  means  J 
of  engendering  account-  | 

ability.  It’s  not  the  whole 
enchilada.  More  important,  I 
an  employee  who  really 
feels  accountable  punishes 
herself  for  a  failure  more 
than  you  can  punish  her. 
Trying  to  make  geeks  feel 
things  tends  to  be  counter¬ 
productive.  We  don’t  like 
to  be  manipulated. 

So  give  up  on  that  dream  j 
of  making  people  account-  ! 

I 

able,  and  start  thinking 
about  how  you  can  make 
accountability  a  compel¬ 
ling  offer.  An  invitation 
is  the  best  you’re  going  to 
be  able  to  muster.  Make  it 
enticing.  ■ 

Paul  Glen  is  the  founder  of 
the  GeekLeaders.com  Web 
community  and  author  of 
the  award-winning  book 
Leading  Geeks:  How  to 
Manage  and  Lead  People 
Who  Deliver  Technology 
(Jossey-Bass,  2003). 

Contact  him  at  info@ 
paulglen.com. 
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MARKETPLACE 


Has  your  power  hungry  data  center 
become  a  monster  to  man 


Have  power  hungry  racks  of  IT  equipment  created  a  monstrous 
environment  in  your  data  center?  Are  you  running  out  of  power 
capacity  before  rack  space? 


creating  unruly  power  and  cooling  issues 


Eaton's  Powerware  high-density  ePDUs  provide  current  and  temperature 


Are  you  ready  to  take  control? 

Visit  us  at  www.powerware.com/ePDU  or  call  877.785.4994 


Powerware 


fanveriy 
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Percentage  of  IT  workers 
responding  to  a  recent 
survey  who  said  that  their 
bosses  expect  them  to 
work  or  at  least  check  voice 

mail  and/or  e-mail  while  on  vacation.  In  comparison,  just 
9%  of  all  respondents  said  that  their  bosses  have  similar 
expectations.  IT  was  the  occupation  most  likely  to  be 
required  to  keep  in  touch. 


At  least  once 
a  week: 


^ore  than  three 
times  a  week: 


42% 


Less  than 
once  a  month: 

22% 


Note:  Percentages  do  not  total  100  because  of  rounding. 

SOURCE:  SURVEY  OF  430  FORTUNE  1.000  IT  PROFESSIONALS 
BY  OUTSOURCING  FIRM  SYNTEL  INC  ,  APRIL  2008 


Socially  Acceptable 

IT  professionals  have  become  extremely  active  on  social 
networking  sites  such  as  Linkedln,  Facebook  and  Xing. 

How  often  do  you  visit 
social  networking  sites? 
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Some  of  the  characteristics  that  identify  narcissists: 

They  are  successful  and  goal-oriented 
but  show  no  empathy  or  concern  for  others. 


They  are  charismatic,  well  spoken  and  funny. 

They  disrespect  boundaries  and  others’  privacy. 

They  patronize  and  criticize  others. 

They  can  be  cruel  and  abusive  toward  peers, 
but  charming  in  front  of  their  managers. 

They  expect  special  treatment  and  privileges. 

They  are  manipulative  and  pit  co-workers 
against  one  another. 

They  abhor  criticism  or  disagreement. 

They  are  anxious  or  paranoid,  reacting  with  rage  when  they 
can’t  control  a  situation  or  their  behaviors  are  exposed. 


The  It’s  All 
About  Me’ 
Syndrome 

By  Thomas  Hoffman 

IVE  YEARS  AGO,  Jean 
Ritala  had  never  heard 
the  term  narcissism.  Then 
someone  described  her 
as  having  been  “stung 
by  a  narcissist”  and  shared  books 
and  Web  sites  with  her  on  the  topic. 
Now,  besides  being  the  IT  support 
services  manager  at  Mystic  Lake 
Casino  Hotel  in  Prior  Lake,  Minn., 
Ritala  educates  and  coaches  others 
on  how  to  deal  with  narcissists. 

Narcissists  show  a  pervasive  need 
for  attention  and  admiration  and  a 
lack  of  concern  for  ethers.  But  are 
they  dangerous  in  the  workplace? 

“The  cost  to  organizations  from 
narcissism  in  the  workplace  is 
staggering,’’  as  the  narcissist’s 
co-workers  become  ill  with  stress, 
teamwork  deteriorates,  projects  fail 
and  turnover  rises,  says  Ritala. 

"Up  to  one-third  of  a  narcissist’s 
victims  if.  the  workplace  will  quit 
the  company  or  transfer  to  another 
department  if  nothing  is  done”  to 


address  the  behavior,  she  says. 

Once  she  had  become  educated 
on  the  topic  of  narcissism,  Ritala  be¬ 
gan  to  recognize  narcissistic  traits 
in  the  workplace.  Feeling  that  it  is 
a  problem  that  is  pervasive  but  too 
often  ignored,  she  and  management 
consultant  Gerald  faikewski  wrote 
a  booklet  on  the  topic,  called  Narcis¬ 
sism  in  ins  Workplace  (  Red  Swan 
Publishing  USA,  2007). 

Ritaia,  former  president  of  •  he  IT 
Service  Management  Forum  -  U,3, 
spoke  recently  with  Compuieworid 


about  dealing  with  narcissism  in  IT 
organizations. 

Is  narcissism  prevalent  within 
17  organizations?  I  think  IT  is 
more  competitive  than  some  parts  of 
the  business,  so  yes.  But  people  are 
getting  educated.  Five  years  ago, 
few  people  knew  about  narcissism. 
Now  there  are  online  discussion 
groups  which  deal  with  the  topic. 

And  the  dynamics  of  the  workforce 
have  changed  so  that  narcissist  per¬ 
sonalities  are  standing  out  more. 


What  steps  can  IT  managers 
take  to  address  these  issues? 

You  need  a  health  care  professional, 
like  a  psychologist  who  specializes 
in  employee  counseling  services, 
to  get  involved.  Managers  need  to 
document  behaviors  and  not  be 
afraid  to  go  to  HR  and  say,  "This  is 
what  I’m  seeing  and  what  people  are 
telling  me.” 

Once  narcissistic  employees 
are  identified,  how  do  you  deal 
with  them?  HR  should  encourage 
them  to  use  an  employee-referral 
service  such  as  counseling.  Some 
narcissists,  when  confronted,  can 
see  how  their  behavior  is  impacting 
staff  and  their  own  performance. 

If  they  can’t,  HR  has  to  calmly  play 
back  what  they  did.  And  you  must 
establish  firm  boundaries,  with  time¬ 
ly,  progressive  consequences.  You 
need  to  follow  up  to  see  if  behaviors 
are  improving  or  getting  worse.  But 
people’s  behavior  patterns  typically 
don’t  change  unless  they  get  help 
or  become  enlightened.  And  once  a 
narcissist’s  behaviors  are  observed 
and  documented,  they  can  become 
even  more  cruel  and  offensive,  since 
they  no  longer  can  hide  their  behav¬ 
iors  and  rationalize  them  away. 
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Software  Project  Manager  (2 
Positions)  w/Masters  or  foreign 
equiv  in  CS  or  CIS  or  Engg  &  1 
yr  exp.  ’Will  accept  Bach  or  for¬ 
eign  equiv  &  5  yrs  of  progressive 
work  exp  in  lieu  of  Masters*  or 
foreign  equiv  &  1  yr  exp. 
Manage,  plan  &  coord  Oracle 
s/ware  product  installation, 
d/base  performance  tuning, 
d/base  security,  d/base  migration 
&  dvlpmt  projects.  Dsgn,  dvlp  & 
test  applic  tuning  methodologies 
using  ERWIN,  Statspack, 
DBArtisan,  TOAD  for  Oracle, 
Precise  for  Oracle.  Write  scripts 
using  Unix  Shell  and  PERL  for 
testing.  Perform  Risk  Analysis  & 
Disaster  Recovery  planning 
using  MS  Project  &  Visio.  Supv  2 
Computer  Prgmrs.  Exp  as 
Oracle  D/base  Team  Lead  or  Sr. 
Systems  Engr  acceptable.  Mail 
res  to:  AIT  Global,  Inc.  228 
Route  34,  Matawan,  NJ  07747. 
Job  Loc:  Matawan,  NJ  or  in  any 
unanticipated  Iocs  in  the  U.S.A. 
Ref  #022 


Business  Analyst  needed  w/Bach 
or  foreign  equiv  in  Bus.  Admin,  or 
CS  or  Engg  &  2  yrs  exp  to  per¬ 
form  bus.  analysis  &  process 
analysis  using  CITMP  &  CMMi  to 
define  &  implmt  bus.  processes 
such  as  RCSA,  Info.  Security, 
Dvlpr  Access  to  Production,  SOX 
404,  S/ware  Mgmt,  Product  Dev 
&  VTM.  Ensure  CITMP  compli¬ 
ance  req.  Identify  &  resolve  non- 
compliances  via  Control  Issue 
Mgmt  &  CAPs.  2  yrs  exp  as  a 
Compliance  officer  is  acceptable. 
Mail  res  to:  IT  First  Source,  3826 
Park  Ave,  Ste  D,  Edison,  NJ 
08820.  Job  Loc:  Edison,  NJ  or  in 
any  unanticipated  Iocs  in  the 
USA. 


Software  Engineer 
Design  and  develop  software 
systems  to  build  and  maintain 
mission-critical  software  produc¬ 
tion  systems  through  the  full 
systems  lifecycle  including 
requirements  capture,  design, 
development,  testing  and 
deployment.  Must  have  BS  in 
Computer  Engineering  plus  5 
yrs  progressive  exp  in  software 
development.  Send  resume  to 
Stacie  Rader,  HR,  BG  Medicine, 
Inc.,  610  North  Lincoln  Street, 
Waltham,  MA  02451 


Didn’t  find  the 
IT  career 
that  you  were 
looking  for? 


Check  back  with  us  weekly 
for  fresh  listings  placed 
by  top  companies 
looking  for  skilled 
professionals  like  you! 


iTcareers 


IT  careers 


Systems  Administrator,  Clark, 
NJ:  Install,  configure,  trou¬ 
bleshoot,  evaluate  performance 
analysis,  manage,  automate,  & 
setup  Web  Tier  Migration. 
Install,  configure,  &  maintain 
Websphere  Application  Server, 
HIS,  SiteMinder,  Websphere 
MQ.  Deploy  J2EE  applications 
in  shared  WAS  environment. 
Create  data  sources  for  appli¬ 
cations  involving  DB2,  Sybase, 
&  Oracle.  Duties  entail  working 
with  PL/SQL,  C++,  Weblogic, 
Java  Web  Server,  Windows 
XP/NT/2000,  Linux  Solaris,  & 
Unix.  BS/Equi  in  CS,  Math, 
Tech,  MIS,  CIS,  Bus,  or  Eng 
(any)  W/2yr  exp.  Salary  DOE. 
Email  resume  to: 

njconsulting@tact.com  or  mail 
to  Helios  &  Matheson  North 
America,  Inc,  77  Brant  Avenue, 
Clark,  NJ  07066  &  refer 
CS1008. 


Programmer  Analysts  (3 
Openings)  w/Bach  or  foreign 
equiv  in  Comp.  Applic.  or  Comp. 
Sci  or  Engg  &  1  yr  exp  to  provide 
complete  life  cycle  of  s/ware 
dvlpmt  incl  analysis,  coding,  test¬ 
ing  &  documentation.  Dvlp  web 
svcs,  web  applies  &  reports  using 
Java/J2EE,  Oracle,  Hibernate, 
JSF,  Toad,  Oracle  Application 
Server,  Eclipse  &  My  Eclipse. 
Provide  tech  support.  1  yr  exp 
prior  to  completion  of  education  is 
acceptable,  1  yr  exp  as  S/ware 
Engineer  is  acceptable.  Mail  res 
to:  IT  First  Source,  3826  Park 
Ave,  Ste  D,  Edison,  NJ  08820. 
Job  Loc:  Edison,  NJ  or  in  any 
unanticipated  Iocs  in  the  USA. 


Sr.  Network  &  Security  Engineer 
-  Dvlp  &  install  cost  effective, 
operationally  supportable  solu¬ 
tions  that  meet  reqmts  in  SLAs, 
to  work  in  Mountain  View,  CA. 
Reqmts  incl  Bach  in  Comp  Sci, 
Electrical  Engg,  Comp 
Technology  or  related  field;  2  yrs 
exp  in  job  offd  or  as  Security 
Engr,  System  Administrator  or 
related;  CCSA  certification, 
NCSP  certification;  &  working 
knowl  of  NetScreen, 
Checkpoint/firewalls,  &  various 
routers,  switches  &  load  bal¬ 
ancers.  Resume  to:  HR-JS, 
Webroot  Software,  2560  55th 
St.,  Boulder,  CO  80301. 


Invensys,  Inc.  seeks  program¬ 
mer/analyst,  business  analyst, 
DBA  to  design  applications 
using  skills  of  Oracle,  Java, 
VB.Net,  SAP  etc.  Travel 
required.  Must  have  Master  or 
BS  with  1-5yr  exp.  Send 
resumes  to  resume@invensys- 
inc.com.  EOE 

Global  Techies  seeks  system 
analyst,  software  engineer  to 
customize  applications  using 
Java,  DB2,  Oracle,  VB  etc  per 
project  requirement.  Travel 
required.  Send  resume  to  38345 
W  1 0Mile,  #380,  Farmington 
Hills,  Ml  48335. 


Integration  Architect:  (Augusta, 
GA):  Responsible  for  EAI  appli¬ 
cation  &  development.  Defining 
the  application  architecture  for 
the  integration  of  systems,  & 
working  with  the  development  & 
infrastructure  organizations  to 
ensure  successful  implementa¬ 
tion.  Reqmts:  Master's  degree 
in  Comp  Sci,  Engg  or  a  related 
field.  1  yr  of  exp  in  job  offered  or 
related  occupation  which  must 
include  exp  in  designing,  devel¬ 
oping  &  implementing 
webMethods,  WebSphere  MQ 
S/ware  upgrades  &  fixes,  post 
production  support  including 
level  2  &  3  support  for 

webMethods  servers  &  applica¬ 
tion  interfaces.  Must  have  the 
ability  to  lead  complex  major 
projects  using  project  manage¬ 
ment  tools  &  techniques.  Must 
possess  proven  project  imple¬ 
mentation  skills.  Must  have  the 
ability  to  analyze  technical 
issues  &  provide  development 
expertise  to  enhance  existing 
EAI  solutions  &  also  develop 
complex  EAI  solutions.  We  offer 
competitive  salaries  &  benefits. 
Please  mail,  email  or  fax 
resumes  to  Attn:  Beverly  Fisher, 
Fax:  (216)  898-2340.  Email: 
beverly.fisher@electrolux.com 


IT-mult.  openings,  some 
req  Bach/equiv,  others 
Masters/equiv  &  0-5  yrs 
exp.  depending  on  posi¬ 
tion.  Jobs  may  req.  trav¬ 
el/relocation.  Send 

resume  to:  Infomerica, 
Inc.,  252  Towne  Village 
Dr.,  Cary,  NC  27513 

Interactive  Business  Servives 
seeks  analysts,  administrators, 
software  engineers  to  customize 
applications  using  tools  per  pro¬ 
ject  requirements.  Travel 
required.  Require  MS/BS  with  1- 
5yr  exp.  Send  resumes  to 
sagar@naveltech.com. 

Universal  System  Technologies 
seeks  Sr.  SAP  consultant  (IT 
Manager).  Implement  SAP  solu¬ 
tions  using  SAP  FI  CO  GL  AP 
AR  AM,  Oracle,  MS-Project, 
Visio  &  Solution  Manager.  Travel 
required.  MS  or  BS  with  5-yr 
exp.  Contact  niraj@ust.net. 
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TRUE  TALES  OF  ST  LIFE  AS  TOLD  TO  SHARKY 


j  Ifs  Academic! 

;  Computer  engineering  depart- 
|  ment  at  this  big  university 
gets  funding  for  a  new  build¬ 
ing,  and  one  faculty  member 
;  decides  that  his  grad  students 
;  can  lay  out  the  server  room 
!  better  than  the  department’s 
!  IT  people.  When  the  students 
;  are  done,  faculty  guy  gives 
l  this  IT  pilot  fish  a  tour.  Fish 
j  looks  at  the  racks,  which  are 
!  one  foot  from  the  wall,  and 
asks  how  admins  will  maneu- 
\  ver  behind  them  to  plug  power 
!  and  network  cables  into  the 
J  servers.  Faculty  guy  stam- 
i  mers  for  a  moment,  then  says 
!  they’ll  just  mount  the  servers 
face-in.  Then  fish  asks  how 
j  the  admins  will  access  the 
|  fronts  of  the  servers,  and 
i  how  they’re  going  to  handle 


the  airflow  problem.  “Faculty 
member  said,  as  he  stormed 
out  of  the  room,  ‘If  you  know 
so  much,  then  you  fix  it,’  ” 
says  fish.  “Department  chair 
told  me  to  make  fixing  the 
room  a  top  priority.” 

Aha! 

Flash  back  to  the  mid-1980s, 
when  this  finance  company’s 
installation  of  more  than 
80  refrigerator-size  tape 
drives  has  gone  nuts.  “Inex¬ 
plicable  errors  occur  each 
week,  always  sometime  be¬ 
tween  midmorning  and  1  p.m. 
affecting  multiple  drives 
and  abnormally  terminating 
massive,  long-running  jobs,” 
says  a  pilot  fish  there.  “Both 
the  company  and  equipment 
vendor  spent  huge  sums  of 


money  trying  to  fix  the  prob¬ 
lem,  with  no  success.  After 
three  months  with  no  an¬ 
swers,  the  account  engineer 
one  day  noticed  a  bright  spot 
of  light  playing  across  the 
front  of  the  tape  drives.  The 
light  beam  was  coming  from 
the  building  across  the  street, 
one  floor  above  him.  Turns  out 
a  computer  operator  fired  four 
months  before  was  now  work¬ 
ing  across  the  street.  She 
periodically  went  into  the  rest¬ 
room,  opened  a  window  and 
used  a  small  mirror  to  reflect 
a  narrow  beam  of  sunlight 
across  the  tape  drives,  which 
totally  messed  up  the  drives’ 
fiber  optics.  She  didn’t  work 
there  much  longer.” 

Feeling  Secure? 

Pilot  fish  keeps  his  money  in 
a  small  bank  that  merges  with 
a  slightly  larger  one,  and  he’s 
notified  that  he’ll  have  to  visit 
the  bank  in  person  to  activate 
his  new  online  account.  When 
he  does  so,  a  teller  explains 
that  he  needs  a  new  password 


and  quickly  jots  something 
down  on  a  scrap  of  paper, 
which  she  hands  to  him. 

What’s  this?  fish  asks.  “Your 
new  password,”  teller  says. 
Stunned  fish  asks  if  she  really  j 
knows  everyone’s  password. 

“Oh,  they’re  all  the  same,”  she  ! 
says.  You’re  kidding,  right? 
gulps  fish.  “It’s  OK,”  she  tells 
him,  “you  can  change  it  to 
whatever  you  like.”  Says  ap¬ 
palled  fish,  “I  rushed  home, 
changed  my  password  -  and 
then  went  back  out  to  open 
an  account  with  a  different 
bank.” 

% 

■  Deposit  your  true  tale  of 
IT  life  with  me  at  sharky@ 
computerworld.com.  You’ll 
score  a  sharp  Shark  shirt  if  I 
use  it. 


O  TIRED  OF  BUNGLING  BOSSES 

and  clueless  co-workers? 

Swim  on  over  to  Shark  Bait 
and  share  your  tales  of  woe: 

sharkbait.computerworld.com  ~  ^ 

©  CHECK  OUT  Sharky’s  blog,  browse  the 
Sharkives  and  sign  up  for  Shark  Tank  home 
delivery  at  computerworld.com/sharky. 
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■  FRANKLY  SPEAKINO 


!  Cryptic  Reading 

ENCRYPTION  IS  HARD.  Case  in  point:  the  U.S.  gov¬ 
ernment,  which  requires  its  agencies  to  encrypt  all 
sensitive  data  on  laptops  and  mobile  devices.  But  ac¬ 
cording  to  the  Government  Accountability  Office,  as 
|  of  last  year,  70%  of  such  devices  didn’t  encrypt  —  and  the  oth- 
:  er  30%  weren’t  in  great  shape  either  (see  story,  page  4). 


The  GAO  just  released 
[  a  report  that  audited  24 
I  agencies  and  depart- 
;  ments  for  their  mobile 
I  encryption  implementa- 
i  tions.  It  included  trouble 

i 

;  spots  like  the  Depart- 
I  ment  of  Veterans  Af- 

*  fairs,  which  in  2006  lost 
j  a  laptop  containing  the 

I  personal  information  of 

*  26  million  vets  and  mili- 
!  tary  personnel,  and  the 

;  Commerce  Department, 
l  which  has  lost  more  than 

*  1,000  laptops  since  2001. 

You  already  know  the 
I  headline  conclusion:  At 
;  the  time  of  the  audit,  June 
J  to  September  2007,  more 
»  than  two-thirds  of  the 
j  mobile  devices  in  these 
!  24  agencies  weren’t  using 

encryption  at  all. 

But  that’s  not  the  inter- 
;  esting  part.  The  GAO  also 
;  found  that,  in  many  cases, 
!  even  the  devices  believed 
to  be  encrypted  had 
J  problems.  Sometimes  the 
I  encryption  wasn’t  actu- 
;  ally  installed.  Or  it  wasn’t 
I  configured  correctly.  Or 
it  hadn’t  been  turned  on. 


Often,  users  hadn’t  been 
trained,  sensitive  infor¬ 
mation  hadn’t  been  in¬ 
ventoried,  and  crypto  key 
control  procedures  hadn’t 
been  established. 

You  can  read  the  gory 
details  by  downloading 
the  report  (it’s  on  the  Web 
at  www.gao.gov/new.items/ 
d08525.pdf).  The  real  hor¬ 
ror  stories  start  on  page  29. 

(Predownload  quiz: 
Guess  which  department 
hadn’t  installed  encryp¬ 
tion  on  any  laptops,  even 
though  officials  insisted 
that  it  had?  Guess  which 
hotshot  technical  agency 
said  it  had  no  way  of  tell¬ 
ing  whether  encryption 
software  had  been  suc¬ 
cessfully  installed  on  a 
laptop?  And  guess  which 
department’s  employees 
never  used  encryption 

H  iisess  which 
department  hadn’t 
installed  encryp¬ 
tion  on  any  laptops, 
though  officials  in¬ 
sisted  that  if  had? 


because  no  one  told  them 
it  was  installed?) 

Even  if  you  don’t  care 
about  the  dirt  turned  up 
by  the  audit,  you  should 
download  the  report.  It  in¬ 
cludes  a  remarkably  read¬ 
able  crib  sheet  on  the  dif¬ 
ferent  types  of  encryption 
for  mobile  device  hard 
disks  (full  disk,  file,  folder, 
virtual  disk),  communica¬ 
tions  (VPNs,  digital  sig¬ 
natures  and  certificates) 
and  handheld  devices. 

It  also  gives  a  good 
rundown  of  the  cat¬ 
egories  of  problems  the 
agencies  ran  into  with 
their  encryption  efforts, 
as  well  as  a  table  listing 
the  actual  volume  pricing 
that  government  agencies 
are  getting.  (One  nice 
non-horror  story  from 
the  report:  The  Depart¬ 
ment  of  Agriculture  cut 
its  own  deal  for  180,000 
encryption  licenses  at 
$9.63  each,  way  below 
even  the  best  government 
price  schedule.) 

In  short,  it’s  a  useful, 
practical  overview  of 


the  ups  and  downs  of 
putting  encryption  on 
laptops,  portable  drives 
and  BlackBerries.  And  it’s 
based  on  real-world  expe¬ 
rience  —  even  if,  for  most 
government  agencies, 
that  experience  hasn’t  yet 
translated  into  success. 

Why  do  you  care?  Be¬ 
cause  encryption  is  hard. 
And  encryption  is  coming 
to  portable  devices  near 
you.  Whether  because  of 
regulations,  lawsuits  or 
common  sense,  soon  or 
late  you’ll  be  doing  this  in 
your  IT  shop. 

The  more  you  learn 
now  about  someone  else’s 
foul-ups,  failures  and  dead 
ends,  the  better  you’ll 
be  able  to  avoid  them. 
And  as  long  as  your  tax 
dollars  are  being  spent 
on  these  mistakes,  you 
might  as  well  get  some 
value  from  the  exercise. 

Besides,  what  other  re¬ 
port  that  you  browse  this 
year  will  tell  you  how  the 
State  Department  dodged 
its  audit:  “Although  the 
inventory  provided  by 
the  agency  indicated 
that  the  employees  were 
assigned  to  the  location 
that  we  visited,  they  were 
actually  assigned  to  posts 
throughout  the  world.” 

Happy  summer 
reading.  ■ 

Frank  Hayes  is  Computer- 
world’s  senior  news 
columnist.  Contact  him 
at  frank_hayes@ 
computerworld.com. 
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